Roadwarrior connect to LAN

Nethserver 7.9.2009 final
Module: openVPN

Hi,
Unfortunately, there was a problem setting up openVPN Roadwarrior.

I created a libvirtd virtualized Windows guest machine under Nethserver manually. I set the IP address of the Windows host (192.168.1.195) to the Green LAN IP address range (192.168.1.0/24) and I can connect to the virtualized Windows host from the Green interface (LAN).
However, if I connect to the Nethserver via the Internet with openVPN Roadwarrior, I can access the Nethserver’s resources, but I cannot connect to the virtualized Windows host in the IP address range on the LAN side.
Since the database server is running on a virtualized Windows host, this is vital for me.
I tried to add a custom route (192.168.1.195/32) in the openVPN Roadwarrior settings under Advanced settings, but it doesn’t work.
I enabled “Route all client traffic through VPN” , but it can’t be reached with this either.

What do I do wrong? Could someone help me?

Thanks and Regards

I have no expertise on libvirtd.
Is NethServer the gateway for GREEN network? Is NethServer the gateway for the virtualized Windows?
I’m assuming that libvirtd communicates somehow with the GREEN network. How?

@pike

Yes.

Yes.

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.20.254 0.0.0.0 UG 0 0 0 em1
10.0.20.0 0.0.0.0 255.255.255.0 U 0 0 0 em1
10.10.1.0 0.0.0.0 255.255.255.0 U 0 0 0 tunrw
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0

IP addresses:
Red (WAN) interface: 10.0.20.1
Green (LAN) interface: 192.168.1.190
NS-DC: 192.168.1.191
openVPN Roadwarrior: 10.10.1.1
Win10 virt host: 192.168.1.195

From the Nethserver’s LAN side I can ping the 192.168.1.0 network and the IP address of Win10.
However, if I connect to the Nethserver with openVPN Roadwarrior, I cannot ping any member of the 192.168.1.0 network from the client machine.

What is this network for?

This is in libvirtd networks default.xml, but I don’t know what it could be.

default bdd0e12f-f364-414d-a011-dafa338605c6

I was just confused by the two differing bridge interfaces: br0 and virbr0…

Maybe it needs to be either brX or virbrX, but not both used?

I don’t use libvirtd but am a longtime Proxmox user (Before that VMWare), which uses KVM - and in the same constellation as you have it, it just works within Proxmox… :slight_smile:

My 2 cents
Andy

As far as I know, br0 is the bridge between the RED and GREEN interfaces, while virbr0 is the bridge connected to the virtualized host, which ensures the traffic between the host and the guest.

Although this bothers me too: why exactly 192.168.122.0, because I didn’t set it up…

br0 is usually on a different NIC than any RED interface.

A Bridge between RED and GREEN Interfaces doesn’t make sense, especially not, if any form of firewalling is configured…

Does your system have one or two NICs?

If you only have one real NIC, that would explain part or all of your issues!

My 2 cents
Andy

As far as I know, there should be no bridge between any network card of these zones.

@Andy_Wismer
I have two network cards; the first is the RED and the second is the GREEN interface.

@pike
Nethserver created the br0 interface even before I did the virtualization. I remember that it was created because of the VPN. But maybe I’m remembering wrong…

Are you using AD as account provider?
Creating an AD account provider actually does create a br0 in NethServer.
Using an LDAP based provider does NOT create the br0 Interface.

A VPN creates a tunrw interface…

My 2 cents
Andy

From my home NethServer:
(br0 is bound to the real, existing eth0…)

Yes, I remember. Indeed, the AD account provider created the br0 interface.

While studying libvirt, I found that it seems that the virtualized network (libvirt network) does not connect to the br0 (LAN) interface.

brctl show
bridge name bridge id STP enabled interfaces
br0 8000.d4ae52baf955 no em2
vb-nsdc
vnet0
virbr0 8000.525400ef4d76 yes virbr0-nic

route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.20.254 0.0.0.0 UG 0 0 0 em1
10.0.20.0 0.0.0.0 255.255.255.0 U 0 0 0 em1
10.10.1.0 0.0.0.0 255.255.255.0 U 0 0 0 tunrw
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0

I can still ping the LAN side and the virtualized Windows from the Nethserver console.
I can also ping the LAN side from the virtualized Windows command line.
But if I connect to the Nethserver with openVPN Roadwarrior, I cannot ping the LAN side and the virtualized Windows either.

At night, I pulled up a test Nethserver with a virtualized Windows in minimal configuration and tested the problem on it. I was also unable to connect to Windows running on the test Nethserver using openVPN Roadwarrior. That’s exactly what happened…

I managed to do something, because I can finally connect with openVPN Roadwarrior to the virtualized Windows on the test Nethserver. I modified the libvirt network config until it worked… But it doesn’t seem like a convincing solution, because after so many modifications it’s not clear anymore what made it work. It would be nice to know how to solve this professionally, because I got a lot of error messages before it worked.

Succeeded.

I made a trivial mistake. And I repeated this when creating the test Nethserver virtualized Windows too.
I gave the Windows guest a static IP address, and for this the gateway and the DNS server had to be configured in Windows Network Connections, in the IPv4 parameters of the network interface.
I entered the IP address of the router there, but the IP address of the Nethserver LAN interface should have been entered instead.

I fixed it and now Windows is also available through the openVPN Roadwarrior connection.

Thank you all for the advice and guidance.

Thanks and Regards
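To make the cause of the fix above concrete, here is an added example in Python (my own illustration, not code from the thread or from NethServer). It parses the `route -n` output posted in the thread, does the same longest-prefix lookup the kernel does, and then traces a reply packet from the Windows guest to a VPN client for the two gateway settings: the LAN router versus the NethServer GREEN address. The VPN client address 10.10.1.5 and the LAN router address 192.168.1.1 are assumed values; the thread does not state them.

```python
import ipaddress

# `route -n` output as posted in the thread (NethServer side), embedded here as sample input.
NETHSERVER_ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.20.254     0.0.0.0         UG    0      0        0 em1
10.0.20.0       0.0.0.0         255.255.255.0   U     0      0        0 em1
10.10.1.0       0.0.0.0         255.255.255.0   U     0      0        0 tunrw
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
"""

NETHSERVER_GREEN_IP = "192.168.1.190"  # GREEN address stated in the thread
VPN_CLIENT_IP = "10.10.1.5"            # assumed: some client address in the tunrw pool
ASSUMED_ROUTER_IP = "192.168.1.1"      # assumed: the LAN router entered by mistake on the guest


def parse_route_n(text):
    """Parse `route -n` output into a list of (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        # Skip the two header lines; route lines start with a dotted-quad destination.
        if len(parts) < 8 or not parts[0][0].isdigit():
            continue
        dest, gw, mask, iface = parts[0], parts[1], parts[2], parts[7]
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gw, iface))
    return routes


def lookup(routes, dst):
    """Longest-prefix match, as the kernel does; returns (gateway, iface) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        return None
    return best[1], best[2]


def windows_guest_routes(gateway):
    """Table equivalent to a static IPv4 config on the guest: on-link LAN plus one default gateway."""
    return [
        (ipaddress.ip_network("192.168.1.0/24"), "0.0.0.0", "Ethernet"),
        (ipaddress.ip_network("0.0.0.0/0"), gateway, "Ethernet"),
    ]


def reply_reaches_vpn_client(guest_gateway, client_ip=VPN_CLIENT_IP):
    """Trace the guest's reply hop by hop; True if it enters the tunrw interface on NethServer."""
    gw, _ = lookup(windows_guest_routes(guest_gateway), client_ip)
    if gw != NETHSERVER_GREEN_IP:
        # Assumption: the LAN router knows nothing about 10.10.1.0/24, so the reply never
        # comes back through the VPN server (it is dropped or sent out the router's WAN).
        return False, f"guest forwards reply to {gw}, which is not the VPN server"
    gw2, iface = lookup(parse_route_n(NETHSERVER_ROUTE_N), client_ip)
    return iface == "tunrw", f"guest -> {gw} -> {iface} (gateway {gw2})"


if __name__ == "__main__":
    for gateway in (ASSUMED_ROUTER_IP, NETHSERVER_GREEN_IP):
        ok, trace = reply_reaches_vpn_client(gateway)
        print(f"guest gateway {gateway}: {'reachable' if ok else 'unreachable'} ({trace})")
```

The forward direction was never the problem: the VPN client's packet arrives on tunrw and NethServer has a connected route for 192.168.1.0/24 via br0. It is the reply that needs a path, and a guest whose only route to 10.10.1.0/24 is its default gateway sends that reply wherever the gateway field points. Running `route print` on the guest (or tracing the reply as above) is the quick check when a LAN host answers local pings but not VPN ones.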