Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


IPSec on OpenVZ
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

IPSec on OpenVZ

Nick_ANick_A Member, Top Host, Host Rep
edited July 2012 in General

I have read that OpenVZ does not support IPSec, but I've also read some documentation that suggests it's possible with the right modules enabled on the host node. Are any other OpenVZ hosts able to successfully enable IPSec for their containers? What modules need to be enabled if so?

We tried installing a few modules and running "ipsec verify" inside a container. The script reported that ipsec should work, but it doesn't seem to be so far.

«1

Comments

  • What is the point of using IPSec rather than just TUN/TAP? Just curious.

  • Nick_ANick_A Member, Top Host, Host Rep

    Someone wanted to use Openswan and IPSec on our containers.

    @AsadHaider yes

  • What's the point of getting openvz when you can get xen/KVM at the same price or just $1-2 more.

  • Nick_ANick_A Member, Top Host, Host Rep

    Oh boy, please don't take this thread in that direction :/

    Thanked by 2mpkossen doughmanes
  • @cosmicgate: it depends on what you use it for.

  • jarjar Patron Provider, Top Host, Veteran

    @Nick_A Yeah what's the problem? Just buy him a new node and plan this one for KVM allotments. You can write a new business plan in like an hour right?

    Thanked by 1Nick_A
  • @Nick_A said: Oh boy, please don't take this thread in that direction :/

    Welcome to LET :)

  • Nick_A 10:36AM
    Oh boy, please don't take this thread in that direction :/

    Didn't mean to be offensive. Didn't know you are a provider. Your comment didn't show while I was posting that.

  • Nick_ANick_A Member, Top Host, Host Rep

    No problem - just didn't want this thread to turn into a KVM vs Xen vs OpenVZ debate.

  • I'm so sorry to bump this 1 year old thread, but has anyone got it working on OpenVz? @Nick_A?

  • @Nick_A said:
    No problem - just didn't want this thread to turn into a KVM vs Xen vs OpenVZ debate.

    No, I think it'll be a: "We can get OpenVZ for $7 for 4GB, you should be able to do KVM for $7 for 3GB and also $12/year for KVM 256/MB. Give me the plan now!".

    Had plenty of these received.

  • perennateperennate Member, Host Rep

    @concerto49 said:
    Had plenty of these received.

    A year ago? :)

  • @perennate said:
    A year ago? :)

    Like constantly. Get something like "I'm currently with provider x, but always down. Would like to try you. I demand a 7 day trial of your service and for you to offer it at the same price but not go down."

  • SplitIceSplitIce Member, Host Rep

    I think we all get those @concerto49

  • Hey Nick, Francisco did this in BuyVM. How about contacting him? :)

  • yywudiyywudi Member

    you mean buyvm support l2tp ipsec in their ovz vps?

    @ErawanArifNugroho said:
    Hey Nick, Francisco did this in BuyVM. How about contacting him? :)

  • FranciscoFrancisco Top Host, Host Rep, Veteran
    edited July 2013

    @yywudi said:
    you mean buyvm support l2tp ipsec in their ovz vps?

    We're just finalizing things and getting a guide cleaned up but yes :)

    Francisco

  • yywudiyywudi Member

    Oh great! that's then another reason to stay with buyvm.
    i just want to have a try if you r ready for this.

    @Francisco said:
    Francisco

  • @zhuanyi said:
    What is the point of using IPSec rather than just TUN/TAP? Just curious.

    IpSec is network layer, includes headers, and spans between packets.

  • anyNodeanyNode Member, Host Rep
    edited July 2013

    @concerto49 said:
    Like constantly. Get something like "I'm currently with provider x, but always down. Would like to try you. I demand a 7 day trial of your service and for you to offer it at the same price but not go down."

    This:

    I have used 4 vps's so far and all were openvz and had same issue website down.

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    @yywudi said:
    Oh great! that's then another reason to stay with buyvm.
    i just want to have a try if you r ready for this.

    Rolled this out earlier tonight :) Please check our guide at http://wiki.buyvm.net/doku.php/ipsec

  • IPSec works on openvz; Doesn't it?

    I personally haven't seen any clients raising any issues, An have quite few clients using varations of vpn services.

  • @Francisco said:
    Rolled this out earlier tonight :) Please check our guide at http://wiki.buyvm.net/doku.php/ipsec

    Just have to say this.

    Motherfucker, you do good work. I hope you continue.

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    @VPSSimon said:
    IPSec works on openvz; Doesn't it?

    I personally haven't seen any clients raising any issues, An have quite few clients using varations of vpn services.

    Not without work on the node side.

    Francisco

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    @Rallias said:
    Motherfucker, you do good work. I hope you continue.

    Word to your mother.

    Francisco

  • yywudiyywudi Member

    only support 64bit system? install ipsec openswan directly and the kernel already support ipsec? do we need to reinstall OS to get kernel support?

    @Francisco said:
    Rolled this out earlier tonight :) Please check our guide at http://wiki.buyvm.net/doku.php/ipsec

  • SplitIceSplitIce Member, Host Rep
    edited July 2013

    Correct it will only work on the same architecture as the host node (so 64bit).

  • FranciscoFrancisco Top Host, Host Rep, Veteran
    edited July 2013

    @yywudi said:
    only support 64bit system? install ipsec openswan directly and the kernel already support ipsec? do we need to reinstall OS to get kernel support?

    Right. If you're on 64bit you're fine. I've heard the xl2tpd (1.2.8) on ubuntu is partially broken so it may cause you issues. There isn't any reboots or tickets needed for ipsec support.

    Francisco

  • @concerto49 said:
    Like constantly. Get something like "I'm currently with provider x, but always down. Would like to try you. I demand a 7 day trial of your service and for you to offer it at the same price but not go down."

    It hurts me :'(

Sign In or Register to comment.