<div dir="ltr"><div><div><div><div>re: <tt>I *can* ping a container in host 2 but
not host 2 itself<br><br></tt></div><tt>welcome to networking... its a layer 2 network and each host itself is the tunnel end point.<br></tt></div><tt>I had kept something that explained some of it and if I can find it send it to you tomorrow. <br><br></tt></div><tt>Your br0 interfaces on the 2 servers you assign an IP and are they different IP addresses?<br><br></tt></div><div><tt>No its not expected to see that error etc. When I have it up its pretty solid.<br></tt></div><div><tt><br></tt></div><div><tt>We can take this offline from the mailer list... just send email directly to each other so we don't bug the other list members.<br><br></tt></div><div><tt>Brian<br><br></tt></div><tt></tt></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jan 12, 2016 at 6:39 PM, Peter Steele <span dir="ltr"><<a href="mailto:pwsteele@gmail.com" target="_blank">pwsteele@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><div><div class="h5">
<tt>On 01/12/2016 01:34 PM, brian mullan wrote:</tt><tt><br>
</tt>
<blockquote type="cite">
<div dir="ltr">
<div>
<div><tt>All I did was install/configure PeerVPN on say
server1 and server2 and make sure they </tt><tt><br>
</tt></div>
<div><tt>connected.</tt><tt><br>
</tt></div>
<p><tt>While logged into each of your servers you should then
be able to ping 10.x.x.x IP address of the other PeerVPN
member server(s) ... assuming you are using PeerVPN as an
L2 VPN and not a L3 VPN.</tt><tt><br>
</tt></p>
<tt>The next step I did was to connect the TEP (tunnel
end-point) to the LXCBR0 or in your case I guess the BR0
bridge to enable </tt><tt><br>
</tt>
<p><tt>containers attached to that bridge to pass data over
the VPN tunnel.</tt></p>
<tt>Since the PeerVPN TEP interface (“peervpn0” in the
Tutorial example) </tt><tt><br>
</tt>
<p><tt>is just like any other Linux ethernet interface we can
use the “ip link”</tt><tt><br>
</tt><tt> command to connect the peervpn0 interface to the
LXC lxcbr0 (or BR0) bridge. You need to do that on both
of your server/instances.</tt><br>
</p>
<tt></tt>
<p style="padding-left:30px"><tt><em><strong>$ sudo ip link
set dev peervpn0 master lxcbr0</strong></em></tt></p>
<tt>or</tt><tt><br>
</tt><tt><br>
</tt><tt><em><strong> $ sudo ip link set dev peervpn0
master br0</strong></em></tt><tt><br>
</tt><tt><br>
</tt></div>
<div><tt>now the 10.x.x.x network (being an L2 VPN) is like one
big ethernet from the LXC container perspective on either
host and you should be able to ping from say cn1 on server1
to cn2 on server2.</tt><tt><br>
</tt><tt><br>
</tt></div>
<div><tt>I wrote up some of what I did a long time ago but I'd
never gone back and updated the info to reflect using a
common dnsmasq for all containers on all host/servers. At
the time I was just trying to see if it worked.</tt><tt><br>
</tt><tt><br>
</tt></div>
<div><tt>I don't know if </tt><tt><a href="https://bmullan.wordpress.com/2015/05/12/proof-of-concept-using-mesh-vpn-to-interconnect-lxc-containers-on-multiple-hosts-on-multiple-clouds/" target="_blank">my
writeup</a></tt><tt> will help.</tt><tt><br>
</tt><tt><br>
</tt></div>
<div><tt>Brian</tt><tt><br>
</tt><tt><br>
</tt></div>
</div>
</blockquote>
</div></div><tt>I've already found your write-up and that pointed me to the
missing ip link command. I've got it to work, although I'm having
somewhat mixed results. For one thing, when I do get communication
to work for containers, I am still unable to ping from a container
on host 1 to a second host. I *can* ping a container in host 2 but
not host 2 itself. I can also ping the host 2 host from host 1,
just not from a container in the host 1. Is this expected? Our
containers also need to be able to communicate with other hosts in
our framework, not just with other containers.<br>
<br>
For some reason, once I have it set up and working, it suddenly
stops working, and I've even had my instance completely hang and
needed to stop/start it. I'm seeing multiple warnings on this sort
appearing on the screen in both of my peervpn sessions:<br>
<br>
[44] warning: recursive packet filtered!<br>
<br>
Is this indicative of some kind of issue or is this expected?<span class="HOEnZb"><font color="#888888"><br>
<br>
Peter<br>
<br>
</font></span></tt>
</div>
</blockquote></div><br></div>