gemelen: (Default)
As usual, the solution was simpler than I thought :)
1. Create zone with config like this:
{
  "brand": "joyent",
  ...
  "image_uuid": "87b9f4ac-5385-11e3-a304-fb868b82fe10",
  ...
  "nics": [
          {
            "physical": "net0",
            "nic_tag": "admin",
            "mac": "<virtual mac-addr>",
            "ip": "<failover-ip>",
            "netmask": "255.255.255.255",
            "gateway": "<failover-ip>",
            "primary": true
          }
  ],
  ...
}

2. zlogin and enter
   route add <server-ip three octets>.0/24 <failover-ip> -interface
   route add default <server-ip three octets>.254

3. After that our new zone is discoverable from internet.
gemelen: (Default)
Via OVH docs, SmartOS wiki and search results.
1. Create "Virtual Mac" in web-manager (type doesn't matter) and assign obtained failover ip to it
2. Login and execute in global zone:
a. create vnic
  dladm create-vnic -m <virtual mac-addr> -l <real nic name> <new vnic name>

b. assign failover-ip
  ifconfig <new vnic name> plumb
  ifconfig <new vnic name> inet <failover-ip> netmask 255.255.255.255 broadcast <failover-ip> up

c. Add routes (assuming that the default route already exists)
  route add <server-ip three octets>.0/24 <failover-ip> -interface -ifp <new vnic name>
  routeadm -e ipv4-forwarding
  routeadm -e ipv4-routing
  routeadm -u

4. [Optional] Persist configuration with some custom SMF scripts
gemelen: (Default)
dig @ns-server domain AXFR
gemelen: (Default)
OpenVPN server:
mode server
port 5190 # port with no traffic billing
proto tcp # for the same reason
dev tun
topology subnet # all clients are in one subnet
# keys
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/amber.crt
key /etc/openvpn/keys/amber.key
dh /etc/openvpn/keys/dh1024.pem
# more than one connection with the same key
duplicate-cn
# subnet for clients and the addresses of the far end of the tunnel
server 192.168.99.0 255.255.255.0
# push the gateway to the client
push "redirect-gateway"

client-config-dir /etc/openvpn/ccd
# route to the client subnet for the server
route 192.168.99.0 255.255.255.0
# clients can see each other
client-to-client

keepalive 10 120

comp-lzo
max-clients 10
user nobody
group nobody

persist-key
persist-tun

status openvpn-status.log
log        /var/log/openvpn/openvpn.log
verb 4



OpenVPN client (Windows):
client
dev tun
proto tcp
remote < address >
rport 5190
comp-lzo
redirect-gateway def1
ca "C:\Program Files\OpenVPN\keys\ca.crt"
cert "C:\Program Files\OpenVPN\keys\gemelen.crt"
key "C:\Program Files\OpenVPN\keys\gemelen.key"



Masquerade the packets arriving from the tunnel behind the public IP of the VPS. For openSUSE: in /etc/sysconfig/SuSEfirewall2, set FW_ROUTE, FW_MASQUERADE, FW_MASQ_DEV and FW_MASQ_NETS and, with a DROP policy, add the OpenVPN server port to the FW_SERVICES_EXT_TCP list.
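
An added example, not part of the original post: a small Python check that parses an OpenVPN server config and flags the settings in the one above that weaken the tunnel (1024-bit DH, shared certificates via duplicate-cn, comp-lzo, no tls-auth/tls-crypt, client-to-client). The function names, the check ids and the file-name heuristic for the DH size are assumptions of this example.

```python
import re

# Constructed sample: the security-relevant lines of the server config above.
SAMPLE_SERVER_CONF = """\
mode server
proto tcp
ca /etc/openvpn/keys/ca.crt
dh /etc/openvpn/keys/dh1024.pem
duplicate-cn   # more than one connection with the same key
client-to-client
comp-lzo
user nobody
"""

def parse_directives(text):
    """Return {directive: [args...]}, ignoring blank lines and # / ; comments."""
    conf = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            conf[name] = args
    return conf

def audit(text):
    """Return a sorted list of (check_id, message) findings for a server config."""
    conf, findings = parse_directives(text), []
    if conf.get("dh"):
        m = re.search(r"(\d{3,5})", conf["dh"][0].rsplit("/", 1)[-1])
        # Heuristic (assumption): the DH size is inferred from the file name only.
        if m and int(m.group(1)) < 2048:
            findings.append(("weak-dh", f"DH parameters look like {m.group(1)} bits; use 2048 or more"))
    if "duplicate-cn" in conf:
        findings.append(("shared-cert", "duplicate-cn: one certificate serves many clients, no per-client revocation"))
    if "comp-lzo" in conf and conf["comp-lzo"] != ["no"]:
        findings.append(("compression", "compression inside the tunnel allows VORACLE-style plaintext recovery"))
    if "tls-auth" not in conf and "tls-crypt" not in conf:
        findings.append(("no-tls-auth", "no tls-auth/tls-crypt: unauthenticated peers can reach the TLS handshake"))
    if "client-to-client" in conf:
        findings.append(("client-to-client", "client-to-client traffic is forwarded inside OpenVPN and skips the host firewall"))
    return sorted(findings)

if __name__ == "__main__":
    for check_id, message in audit(SAMPLE_SERVER_CONF):
        print(f"{check_id}: {message}")
```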

Page generated Oct. 21st, 2017 19:29