KVM VM traffic over host's Tinc VPN

Guus Sliepen guus at tinc-vpn.org
Wed Aug 15 23:12:34 CEST 2012


On Wed, Aug 15, 2012 at 03:12:37PM -0500, Eric Wiggins wrote:

> I'm trying to set up a Tinc VPN between two KVM host machines so
> that a VM on one host can communicate with a VM on the other host.
[...]
> At this point, Tinc seems to work. Pings from host1 to 10.90.42.242
> are replied to, and pings from host2 to 10.90.41.241 are replied to.
> 
> Now to set up networking for the VMs...
> 
> My first thought was to simply bridge the VM connection to the VPN
> interface.
[...]
> Restarted Tincd on both hosts and tried my pings again. They worked,
> so I tried to bridge the new tun0 device.
> 
>         [root@host1 test]# brctl addif br0 tun0
>         can't add tun0 to bridge br0: Invalid argument

The reason for this is indeed that tinc creates a tun interface, which does not
work in a bridge.

> No dice, again. So I tried to specify as a tap device in tinc.conf:
> 
> host1 tinc.conf:
> 
>         Name = host1
>         DeviceType = tap
>         Interface = tap0
>         ConnectTo = host2
[...]
> So it looks like the ping is actually getting from host1 to host2,
> but host2 doesn't realize it's there. WTH?

The reason is that tinc is still in router mode. You should not use the
DeviceType option, but rather use "Mode = switch". This will automatically
create a tap interface and will let tinc act like a network switch. That should
resolve your problems.

However, depending on what you want exactly, you can also do without tap
devices at all. Since version 1.0.17, tinc has the ability to connect to a VDE
switch. KVM can do so as well. So you can set up a VDE switch and have both
tinc and KVM use that. You still want to run tinc in switch mode in that case.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
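
Added example, not part of the original message or of tinc itself: a shell check that reads a tinc.conf and reports whether it follows the advice in the reply above (Mode = switch, rather than DeviceType = tap while still in router mode) before the interface is added to a bridge. The function names and both sample configs are constructed for illustration, and the parser only handles plain `Variable = value` lines.

```shell
#!/bin/sh
# Added example, not from the thread: lint a tinc.conf before bridging tinc's
# interface. Simplified parser: "Variable = value" lines only, first match wins.

# conf_get FILE VARIABLE -> prints the lowercased value (name is case-insensitive)
conf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /[ \t]*=[ \t]*/)) next
            key = substr(line, 1, RSTART - 1)
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t\r]+$/, "", val)
            if (tolower(key) == tolower(want)) { print tolower(val); exit }
        }
    ' "$1"
}

# check_bridgeable FILE -> 0 if Mode = switch, 1 otherwise. This follows the
# thread's advice only; other modes are not evaluated further.
check_bridgeable() {
    mode=$(conf_get "$1" Mode)
    dtype=$(conf_get "$1" DeviceType)
    if [ "$mode" = "switch" ]; then
        echo "ok: Mode = switch, tinc creates the tap interface itself"
        return 0
    fi
    # An unset Mode means tinc's default, router mode.
    if [ "$dtype" = "tap" ]; then
        echo "fail: DeviceType = tap but Mode is '${mode:-router}'; use Mode = switch"
    else
        echo "fail: Mode is '${mode:-router}'; set Mode = switch before bridging"
    fi
    return 1
}

# Constructed sample configs: the one quoted in the thread and a corrected one.
demo() {
    d=$(mktemp -d) || return 1
    printf 'Name = host1\nDeviceType = tap\nInterface = tap0\nConnectTo = host2\n' > "$d/before.conf"
    printf 'Name = host1\nMode = switch\nInterface = tap0\nConnectTo = host2\n' > "$d/after.conf"
    check_bridgeable "$d/before.conf" || true
    check_bridgeable "$d/after.conf" || true
    rm -rf "$d"
}
demo
```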