> I am trying to duplicate an openvpn (openvpn-2.1rc21 from pkgsrc) router (which works fine) on a xen i386 box (which also seems to work fine for the 7 other domUs). However, I cannot make packets travel a full round trip through the openvpn tunnel. The two basic setups are:

You didn't explain a few things, which are therefore things to check:

Obviously you should have the dom0 set up to bridge from the dom0 physical interface to xennetN, right? Check that you aren't doing any bridge ipfiltering you don't mean to.

You have a working box which is running on one interface. So why are you using xennet0 and xennet1? What IP addresses are on both? This makes no sense to me, and isn't part of straightforwardly moving the openvpn router to a domU from physical hardware.

You say inbound packets get to servers, and the question is the return packets. You can see them with tcpdump on tun0 on the domU (presumably). But what about on xennet1 on the domU, on xvifN.M on the dom0, and on e.g. bge0 on the dom0? When you run tcpdump on the client, do you not see the tunneled packets?

My best guess, with inadequate information, is that there is something funky about NAT due to having two interfaces instead of one on the openvpn router.