Quản trị net diễn đàn chia sẻ thông tin các thủ thuật mạng, internet bảo mật thông tin dành cho giới IT VIệt hy vọng là nơi bổ ích cho cộng đồng - View Single Post - Cấu hình hỗ trợ TUN/TAP trong Container cài đặt VPN

13-03-2012, 12:29 PM

Cấu hình hỗ trợ TUN/TAP trong Container cài đặt VPN

Link tham khảo bài viết

http://kb.parallels.com/en/696

----- Added 13-03-2012 at 11:27 AM -----

Case1:

It appears that initiating load of the tun module in the /etc/rc.local is too late, as now tun module gets loaded the last one:
================================================== =====
[root@rs00076 rc2.d]# lsmod | egrep "^vz|tun"
tun 83840 2
vztable 37376 1 slm_core
vzredir 64652 0
vzcompat 35968 0
vzrst 230160 1 slm_dmprst
vziolimit 37632 0
vzsnap 51336 0
vzcpt 173368 2 slm_dmprst,vzsnap
vzfs 137384 8117 vzsnap,vzcpt
vzevent 37136 1 vzfs
vzdquota 78840 15 vzfs,[permanent]
vzlinkdev 38528 0
vzethdev 47520 0
vzlist 37504 0
vznet 65720 30 vzredir,vzlist
vzstat 45704 0
vznetstat 74668 3 vzredir,vznet,ip_vznetstat
vzmon 84248 19 vzrst,vzcpt,vzlist,vznet,vzstat
vzdev 36872 18 slm_if,vzredir,vzcompat,vziolimit,vzsnap,vzfs,vzdq uota,vzethdev,vzlist,vznet,vznetstat,vzmon
================================================== =====

So I went through couple of manuals and added a script to /etc/rc2.d/ to make it load prior to vz service.
Following commands were executed.
This creates an text file in /etc/init.d/ with name loadtun. Inside there is a command to load tun module:
================================================== =====
echo "/sbin/modprobe tun" > /etc/init.d/loadtun
================================================== =====
This command makes our text file an executable script:
================================================== =====
chmod +x /etc/init.d/loadtun
================================================== =====
This command puts a link to our file into the /etc/rc2.d/
================================================== =====
ln -s /etc/init.d/loadtun /etc/rc2.d/S50loadtun
================================================== =====

Link's name is S50loadtun. That is important.
First letter, S means that this will be started.
Next value - 50 - means the order to start this script. It will be started with the order 50. Lets check if it prior to vz:
================================================== =====

----- Added 13-03-2012 at 11:28 AM -----

Case 2: Check OK

[root@rs00076 ~]# lsmod | egrep '^vz|tun'
vztable 37376 1 slm_core
vzredir 64652 0
vzcompat 35968 0
vzrst 230160 1 slm_dmprst
vziolimit 37632 0
vzsnap 51336 0
vzcpt 173368 2 slm_dmprst,vzsnap
vzfs 137384 5711 vzsnap,vzcpt
vzevent 37136 1 vzfs
vzdquota 78840 10 vzfs,[permanent]
vzlinkdev 38528 0
vzethdev 47520 0
vzlist 37504 0
vznet 65720 20 vzredir,vzlist
vzstat 45704 0
vznetstat 74668 3 vzredir,vznet,ip_vznetstat
vzmon 84248 14 vzrst,vzcpt,vzlist,vznet,vzstat
vzdev 36872 18 slm_if,vzredir,vzcompat,vziolimit,vzsnap,vzfs,vzdq uota,vzethdev,vzlist,vznet,vznetstat,vzmon
tun 83840 2

tun is loading now before vzfs. Also
[root@rs00076 ~]# modprobe tun
doesn't give any error.

tun has also been configured for the container:

-bash-3.2# ls -la /dev/net/tun
crw------- 1 root root 10, 200 Mar 12 15:20 /dev/net/tun

----- Added 13-03-2012 at 11:29 AM -----
Case 3: Update

Actually the steps are almost the same as I described earlier, but with one difference, I was wrong when applied my workaround to runlevel 2 (put script to /etc/rc2.d/), when your server was actually running on runlevel 3(script should be in /etc/rc3.d/).

Following commands are to be applied in your case:
echo "/sbin/modprobe tun" > /etc/init.d/loadtun
chmod +x /etc/init.d/loadtun
ln -s /etc/init.d/loadtun /etc/rc3.d/S11loadtun

Then after the reboot modules will be loaded in appropriate order and you will be able to use VPN in the containers.

13-03-2012, 12:29 PM	#1
hoctinhoc Guest Trả Lời: n/a	Cấu hình hỗ trợ TUN/TAP trong Container cài đặt VPN Cấu hình hỗ trợ TUN/TAP trong Container cài đặt VPN Link tham khảo bài viết http://kb.parallels.com/en/696 ----- Added 13-03-2012 at 11:27 AM ----- Case1: It appears that initiating load of the tun module in the /etc/rc.local is too late, as now tun module gets loaded the last one: ================================================== ===== [root@rs00076 rc2.d]# lsmod \| egrep "^vz\|tun" tun 83840 2 vztable 37376 1 slm_core vzredir 64652 0 vzcompat 35968 0 vzrst 230160 1 slm_dmprst vziolimit 37632 0 vzsnap 51336 0 vzcpt 173368 2 slm_dmprst,vzsnap vzfs 137384 8117 vzsnap,vzcpt vzevent 37136 1 vzfs vzdquota 78840 15 vzfs,[permanent] vzlinkdev 38528 0 vzethdev 47520 0 vzlist 37504 0 vznet 65720 30 vzredir,vzlist vzstat 45704 0 vznetstat 74668 3 vzredir,vznet,ip_vznetstat vzmon 84248 19 vzrst,vzcpt,vzlist,vznet,vzstat vzdev 36872 18 slm_if,vzredir,vzcompat,vziolimit,vzsnap,vzfs,vzdq uota,vzethdev,vzlist,vznet,vznetstat,vzmon ================================================== ===== So I went through couple of manuals and added a script to /etc/rc2.d/ to make it load prior to vz service. Following commands were executed. This creates an text file in /etc/init.d/ with name loadtun. Inside there is a command to load tun module: ================================================== ===== echo "/sbin/modprobe tun" > /etc/init.d/loadtun ================================================== ===== This command makes our text file an executable script: ================================================== ===== chmod +x /etc/init.d/loadtun ================================================== ===== This command puts a link to our file into the /etc/rc2.d/ ================================================== ===== ln -s /etc/init.d/loadtun /etc/rc2.d/S50loadtun ================================================== ===== Link's name is S50loadtun. That is important. First letter, S means that this will be started. Next value - 50 - means the order to start this script. It will be started with the order 50. Lets check if it prior to vz: ================================================== ===== ----- Added 13-03-2012 at 11:28 AM ----- Case 2: Check OK [root@rs00076 ~]# lsmod \| egrep '^vz\|tun' vztable 37376 1 slm_core vzredir 64652 0 vzcompat 35968 0 vzrst 230160 1 slm_dmprst vziolimit 37632 0 vzsnap 51336 0 vzcpt 173368 2 slm_dmprst,vzsnap vzfs 137384 5711 vzsnap,vzcpt vzevent 37136 1 vzfs vzdquota 78840 10 vzfs,[permanent] vzlinkdev 38528 0 vzethdev 47520 0 vzlist 37504 0 vznet 65720 20 vzredir,vzlist vzstat 45704 0 vznetstat 74668 3 vzredir,vznet,ip_vznetstat vzmon 84248 14 vzrst,vzcpt,vzlist,vznet,vzstat vzdev 36872 18 slm_if,vzredir,vzcompat,vziolimit,vzsnap,vzfs,vzdq uota,vzethdev,vzlist,vznet,vznetstat,vzmon tun 83840 2 tun is loading now before vzfs. Also [root@rs00076 ~]# modprobe tun doesn't give any error. tun has also been configured for the container: -bash-3.2# ls -la /dev/net/tun crw------- 1 root root 10, 200 Mar 12 15:20 /dev/net/tun ----- Added 13-03-2012 at 11:29 AM ----- Case 3: Update Actually the steps are almost the same as I described earlier, but with one difference, I was wrong when applied my workaround to runlevel 2 (put script to /etc/rc2.d/), when your server was actually running on runlevel 3(script should be in /etc/rc3.d/). Following commands are to be applied in your case: echo "/sbin/modprobe tun" > /etc/init.d/loadtun chmod +x /etc/init.d/loadtun ln -s /etc/init.d/loadtun /etc/rc3.d/S11loadtun Then after the reboot modules will be loaded in appropriate order and you will be able to use VPN in the containers. Last edited by hoctinhoc; 13-03-2012 at 12:29 PM.. Lý do: Hệ thống tự động gộp 2 bài viết liền nhau của bạn !