All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Making the IP range on an OpenVZ VPS available on a dedicated server?
linuxthefish
Member
Hello, I have an OpenVZ VPS with 10 extra IP's, and a Kimsufi with only 1 IP. I would like to make the IP range on my VPS available to use for OpenVZ on the Kimsufi, as I'm running out of nat ports!
The extra IP's on my OpenVZ VPS are 222.222.222.70 - 222.222.222.80 with the main IP being 111.222.111.3.
My Kimsufi's main IP is 111.111.111.131.
The commands I have run so far on my Kimsufi are:
ip tunnel add tun0 mode gre remote 222.222.222.70 local 111.111.111.131 ttl 255
ip link set tun0 up
ip addr add 222.222.222.71/32 dev eth0
ip addr add 222.222.222.72/32 dev eth0
ip addr add 222.222.222.73/32 dev eth0
ip addr add 222.222.222.74/32 dev eth0
ip addr add 222.222.222.75/32 dev eth0
ip addr add 222.222.222.76/32 dev eth0
ip addr add 222.222.222.77/32 dev eth0
ip addr add 222.222.222.78/32 dev eth0
ip addr add 222.222.222.79/32 dev eth0
ip addr add 222.222.222.80/32 dev eth0
ip addr add 10.10.1.1 dev tun0 peer 10.10.1.2
ip route add default via 10.10.1.2 dev tun0 table 100
ip rule add from 222.222.222.64/27 table 100
iptables -A INPUT -p gre -j ACCEPT
The commands I have run on the OpenVZ VPS are:
ip tunnel add tun0 mode gre remote 111.111.111.131 local 222.222.222.70 ttl 255
ip link set tun0 up
ip addr add 10.10.1.2 dev tun0 peer 10.10.1.1
ip route add 222.222.222.64/27 via 10.10.1.1 dev tun0
iptables -A FORWARD -d Y1 -o tun0 -j ACCEPT
iptables -A FORWARD -d 222.222.222.64/27 -o tun0 -j ACCEPT
iptables -A FORWARD -s 222.222.222.64/27 -i tun0 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
I can't ping the IP on either end (10.10.1.1 and 10.10.1.2), and I add the IP's to a container on my Kimsufi. Please help, I've run out of ideas! 
Comments
You could install openvpn in each of the Kimsufi containers and the vps, Route the traffic to the VPS and then use iptables on the vps to route the traffic in/out of the IP of choice
-A PREROUTING -p tcp -d 222.222.222.71 -j DNAT --to 10.10.1.6
-A POSTROUTING -s 10.10.1.6 -j SNAT --to-source 222.222.222.71
EDIT: IPs would stay on the vps. I use this to add fixed IPs to my home server.
Check this guide - http://wiki.buyvm.net/doku.php/gre_tunnel
It's worked for me many times.
With this guide can't you only have 1 IP per GRE tunnel?
Is there a limitation anywhere of one active GRE tunnel? Honest question.
[deleted]
That's simple -
IP1 -
Node with IP's
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf sysctl -p iptunnel add gre1 mode gre local YOUR_FILTERED_IP remote DESTINATION_SERVER_IP ttl 255 ip addr add 192.168.168.1/30 dev gre1 ip link set gre1 upServer the IP is for
iptunnel add gre1 mode gre local DESTINATION_SERVER_IP remote YOUR_FILTERED_IP ttl 255 ip addr add 192.168.168.2/30 dev gre1 ip link set gre1 upIP2 -
Node with IP's
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf sysctl -p iptunnel add gre2 mode gre local YOUR_FILTERED_IP_no2 remote DESTINATION_SERVER_IP ttl 255 ip addr add 192.168.169.1/30 dev gre2 ip link set gre2 upServer the IP is for
iptunnel add gre2 mode gre local DESTINATION_SERVER_IP remote YOUR_FILTERED_IP_no2 ttl 255 ip addr add 192.168.169.2/30 dev gre2 ip link set gre2 upNotice IP2 has
gre2instead of gre1 and192.168.169.instead of 192.168.168I haven't tested this, let me know if it works. It should.
It won't work with one IP
arpsend: 222.222.222.70 is detected on another computer : 00:23:ae:d3:06:davps-net_add WARNING: arpsend -c 1 -w 1 -D -e 222.222.222.70 eth0 FAILED
I tend to ignore that due to servers I run on a VLAN
TINC maybe
vps-net_add WARNING: arpsend -c 1 -w 1 -D -e 222.222.222.70 eth0 FAILED
ifconfig eth0 -arp