gemelen | Entries tagged with sysadm

As usually, solution was simplier than I thought :)
1. Create zone with config like this:

{
  "brand": "joyent",
  ...
  "image_uuid": "87b9f4ac-5385-11e3-a304-fb868b82fe10",
  ...
  "nics": [
          {
            "physical": "net0",
            "nic_tag": "admin",
            "mac": "<virtual mac-addr>",
            "ip": "<failover-ip>",
            "netmask": "255.255.255.255",
            "gateway": "<failover-ip>",
            "primary": true
          }
  ],
  ...
}

2. zlogin and enter

   route add <server-ip three octets>.0/24 <failover-ip> -interface
   route add default <server-ip three octets>.254

3. After that our new zone is discoverable from internet.

Crossposts: http://gemelen.livejournal.com/130320.html

Via
ovh docs,
smartos wiki
and search results.
1. Create "Virtual Mac" in web-manager (type doesnt matter) and assign obtained failover ip to it
2. Login and execute in global zone:
a. create vnic

  dladm create-vnic -m <virtual mac-addr> -l <real nic name> <new vnic name>

b. assign failover-ip

  ifconfig <new vnic name> plumb
  ifconfig <new vnic name> inet <failover-ip> netmask 255.255.255.255 broadcast <failover-ip> up

c. Add routes (in assume that default route already exists)

  route add <server-ip three octets>.0/24 <failover-ip> -interface -ifp <new vnic name>
  routeadm -e ipv4-forwarding
  routeadm -e ipv4-routing
  routeadm -u

4.[Optional] Persist configuration with some custom smf sciprts

Current Music: Terminal Choice - Life Full Of Tragedy
Crossposts: http://gemelen.livejournal.com/129803.html

dig @ns-server domain AXFR

Current Music: Hocico - El Canto Debajo de la Tierra
Crossposts: http://gemelen.livejournal.com/63984.html

OpenVPN server:

mode server
port 5190 # порт с отсутствием тарификации
proto tcp # по той же причине
dev tun
topology subnet # клиенты все в одной подсети
# ключи
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/amber.crt
key /etc/openvpn/keys/amber.key
dh /etc/openvpn/keys/dh1024.pem
# более чем один коннект по одному и тому же ключу
duplicate-cn
# подсеть для клиентов и адреса дальнего конца туннеля
server 192.168.99.0 255.255.255.0
# протолкнуть на клиента гейт
push "redirect-gateway"

client-config-dir /etc/openvpn/ccd
# роут на клиентскую подсеть для сервера
route 192.168.99.0 255.255.255.0
# клиенты могут видеть друг друга
client-to-client

keepalive 10 120

comp-lzo
max-clients 10
user nobody
group nobody

persist-key
persist-tun

status openvpn-status.log
log        /var/log/openvpn/openvpn.log
verb 4

OpenVPN client (Windows):

client
dev tun
proto tcp
remote < address >
rport 5190
comp-lzo
redirect-gateway def1
ca "C:\Program Files\OpenVPN\keys\ca.crt"
cert "C:\Program Files\OpenVPN\keys\gemelen.crt"
key "C:\Program Files\OpenVPN\keys\gemelen.key"

Маскируем пришедшие из туннеля пакеты белым IP VPS. Для openSuSE: /etc/sysconfig/SuSEfirewall2 - установка FW_ROUTE, FW_MASQUERADE, FW_MASQ_DEV, FW_MASQ_NETS и при политики DROP добавление порта для сервера OpenVPN в списке FW_SERVICES_EXT_TCP.

Current Music: Спасибо, господин Президент
Crossposts: http://gemelen.livejournal.com/61592.html

Amber

Entries tagged with sysadm

SmartOS@OVH

smartos@ovh failover nic

Get zone

OpenVPN & VPS with direct white IP

Profile

June 2025

Syndicate

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags