Site to Site with Openstack

ibravo
Posts: 2
Joined: Thu Dec 03, 2015 3:49 pm

Site to Site with Openstack

Post by ibravo » Thu Dec 03, 2015 4:02 pm

I tried to follow the instructions on how to do site to site VPN Layer-2 inside Openstack, but couldn't make it work.
Specifically, I think my problem resides in how to define the DHCP and bridges.

--- Home configuration [server] ----
At home, I have a DHCP server with IPs 192.168.1.x
I installed SoftEther server on a computer with just one NIC card. I bridged the card and created two hosts (cloud and home).

-- Cloud configuration [remote] ---
On an Openstack cloud, I created two networks.
Network 1 with IP 10.10.10.x to connect with the provider network.
Network 2 with subnet 192.168.1.0/24 and NO DHCP and No default Gateway.
I launched an instance with two NICs, one in each network and installed BRIDGE.
I linked the hosts between the cloud instance and the server at home.
I created a bridge with the NIC on 192.168.1.0


---- On a second cloud computer ---
I created a new instance and attached to the Network 2.
This computer is unable to obtain an IP from DHCP

The expectation was that this cloud computer will broadcast a DHCP request on its NIC,
that the Cloud bridge will forward that request to the other end of the VPN to the Server, and
that the server will broadcast that message in the HOME network and provide an IP in the 192.168.1.x space.

Any ideas on what could be wrong?

Thanks,
IB

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Site to Site with Openstack

Post by thisjun » Fri Dec 18, 2015 8:01 am

Almost all cloud services deny MAC spoofing, so local bridge doesn't work.

ibravo
Posts: 2
Joined: Thu Dec 03, 2015 3:49 pm

Re: Site to Site with Openstack

Post by ibravo » Wed Jun 22, 2016 1:51 pm

It turns out that you can implement SoftEther in Openstack. All you need to do is to enable --allowed_address_pairs in Openstack to allow for spoofing like this:

1. Find out what port your Openstack SoftEther interface is located on:
neutron port-list

2. Update for spoofing:
neutron port-update [your openstack port id] --allowed-address-pairs type=dict list=true ip_address=0.0.0.0/0

3. Verify:
neutron port-show [your openstack port id]


By doing this, I'm able to see in SoftEther all the IPs of the computers on the cloud. The problem that I have now is that I can ping the internal IP of the SoftEther VM bridge, but I can't reach the IP of a VM on the Openstack cloud. It might be related to ICMP filtering? I'll take a look now.
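
An added example, not part of the original post: the 0.0.0.0/0 pair in step 2 removes Neutron's source-IP filtering on that port for every address, so it is worth checking which ports carry such pairs. The sketch below audits port records in the shape returned by Neutron's port API; the sample ports, their IDs and the 256-address threshold are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample shaped like a Neutron "list ports" response (not real data).
SAMPLE_PORTS = json.loads("""
{"ports": [
  {"id": "port-vpn-bridge", "port_security_enabled": true,
   "allowed_address_pairs": [{"ip_address": "0.0.0.0/0",
                              "mac_address": "fa:16:3e:00:00:01"}]},
  {"id": "port-scoped", "port_security_enabled": true,
   "allowed_address_pairs": [{"ip_address": "192.168.1.0/24",
                              "mac_address": "fa:16:3e:00:00:02"}]},
  {"id": "port-nosec", "port_security_enabled": false,
   "allowed_address_pairs": []},
  {"id": "port-plain", "port_security_enabled": true,
   "allowed_address_pairs": []}
]}
""")


def audit_port(port, max_addresses=256):
    """Return findings for one port; an empty list means nothing to report."""
    findings = []
    # Port security off means no anti-spoofing and no security groups at all.
    if not port.get("port_security_enabled", True):
        findings.append("port security disabled: no anti-spoofing on this port")
    for pair in port.get("allowed_address_pairs", []):
        # A bare IP such as 10.0.0.5 parses as a /32 (or /128) network.
        net = ipaddress.ip_network(pair["ip_address"], strict=False)
        if net.prefixlen == 0:
            findings.append(f"{net}: any source address accepted")
        elif net.num_addresses > max_addresses:
            findings.append(f"{net}: wider than {max_addresses} addresses")
    return findings


def audit(ports_doc):
    """Map port id -> findings, only for ports that have findings."""
    report = {}
    for port in ports_doc["ports"]:
        findings = audit_port(port)
        if findings:
            report[port["id"]] = findings
    return report


if __name__ == "__main__":
    for port_id, findings in audit(SAMPLE_PORTS).items():
        for finding in findings:
            print(f"{port_id}: {finding}")
```

A pair scoped to the bridged subnet (192.168.1.0/24 in this thread) passes the audit, while the 0.0.0.0/0 pair and the port with security disabled are reported.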

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Site to Site with Openstack

Post by thisjun » Wed Jul 13, 2016 7:13 am

>> I'm able to see in SoftEther all the IPs of the computers on the cloud.
Is it about the IP address table of the virtual HUB?
The IP address table shows IPs that were seen on the virtual HUB.
But packets have not always arrived at the IP.
