KVM VM traffic over host's Tinc VPN

Eric Wiggins ewiggi2 at lsu.edu
Thu Aug 16 17:59:16 CEST 2012


Guus,

That did the trick!! Everything seems to be working perfectly now.

I love it when I bang my head against a problem for a week and then the 
solution turns out to be so simple :)

Thanks very much for your time!

Eric




On 08/15/2012 04:12 PM, Guus Sliepen wrote:
> On Wed, Aug 15, 2012 at 03:12:37PM -0500, Eric Wiggins wrote:
>
>> I'm trying to set up a Tinc VPN between two KVM host machines so
>> that a VM on one host can communicate with a VM on the other host.
> [...]
>> At this point, Tinc seems to work. Pings from host1 to 10.90.42.242
>> are replied to, and pings from host2 to 10.90.41.241 are replied to.
>>
>> Now to set up networking for the VMs...
>>
>> My first thought was to simply bridge the VM connection to the VPN
>> interface.
> [...]
>> Restarted Tincd on both hosts and tried my pings again. They worked,
>> so I tried to bridge the new tun0 device.
>>
>>          [root@host1 test]# brctl addif br0 tun0
>>          can't add tun0 to bridge br0: Invalid argument
> The reason for this is indeed that tinc creates a tun interface, which does not
> work in a bridge.
>
>> No dice, again. So I tried to specify as a tap device in tinc.conf:
>>
>> host1 tinc.conf:
>>
>>          Name = host1
>>          DeviceType = tap
>>          Interface = tap0
>>          ConnectTo = host2
> [...]
>> So it looks like the ping is actually getting from host1 to host2,
>> but host2 doesn't realize it's there. WTH?
> The reason is that tinc is still in router mode. You should not use the
> DeviceType option, but rather use "Mode = switch". This will automatically
> create a tap interface and will let tinc act like a network switch. That should
> resolve your problems.
>
> However, depending on what you want exactly, you can also do without tap
> devices at all. Since version 1.0.17, tinc has the ability to connect to a VDE
> switch. KVM can do so as well. So you can set up a VDE switch and have both
> tinc and KVM use that. You still want to run tinc in switch mode in that case.
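
As an added example (not part of the original thread and not code from the tinc project): a small shell check for the misconfiguration diagnosed above, where a tap device is requested while tinc is still in its default router mode. The function name, the result labels and the two sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_tinc_bridge FILE: classify a tinc.conf for use under a Linux bridge.
#   ok          Mode is switch or hub, so tinc forwards Ethernet frames
#   router-tap  DeviceType = tap but router mode (the case in the thread)
#   router-tun  router mode and no tap device requested
check_tinc_bridge() {
    awk '
    /^[ \t\r]*$/ { next }                 # blank lines
    /^[ \t]*#/   { next }                 # comments
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        # The key ends at the first space, tab or "="; the "=" is optional.
        key = line
        sub(/[ \t=].*$/, "", key)
        val = substr(line, length(key) + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)
        sub(/[ \t\r]+$/, "", val)
        key = tolower(key)                # option names are case-insensitive
        val = tolower(val)
        if (key == "mode")       mode = val
        if (key == "devicetype") dev  = val
    }
    END {
        if (mode == "") mode = "router"   # tinc default when Mode is absent
        if (mode == "switch" || mode == "hub") print "ok"
        else if (dev == "tap")                 print "router-tap"
        else                                   print "router-tun"
    }' "$1"
}

# Constructed samples: the tap config quoted in the thread, and the same
# file with the fix from the reply (Mode = switch, DeviceType removed).
demo_dir=$(mktemp -d)
printf 'Name = host1\nDeviceType = tap\nInterface = tap0\nConnectTo = host2\n' \
    > "$demo_dir/before.conf"
printf 'Name = host1\nMode = switch\nInterface = tap0\nConnectTo = host2\n' \
    > "$demo_dir/after.conf"
for f in before after; do
    printf '%s.conf: %s\n' "$f" "$(check_tinc_bridge "$demo_dir/$f.conf")"
done
```

Run against every node's tinc.conf before bridging: any result other than `ok` means the VPN interface will not carry the VMs' Ethernet frames.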