On Wed, Dec 11, 2024 at 11:41:26PM +0100, ASV wrote:
> On Wed, 2024-12-11 at 20:43 +0000, Zé Loff wrote:
> >
> > On Wed, Dec 11, 2024 at 07:49:13PM +0100, ASV wrote:
> > > Hi everyone,
> > > I'm stuck on trying to use an alias from a VM. Everything works from
> > > its main ip address 10.0.0.53 but from an alias, in this case
> > > 172.16.20.1, I can't manage to make comms going out from it.
> > >
> > > For example with "ping -I 172.16.20.1 <whatever-ip>" or openvpn binding
> > > from it. There's no firewall active and there is no block from the
> > > border firewall for that IP address. At this point I'm wondering if
> > > that could work at all.
> > >
> > > For the record the configuration of the VM is pretty much based on the
> > > "Option 4" of the official OpenBSD guide at
> > > https://www.openbsd.org/faq/faq16.html#VMMnet
> > >
> > > any hing would be appreciated.
> > > Thank you.
> > >
> > >
> > >
> > > *** VSWITCH configuration
> > > veb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
> > >         description: switch1-SWITCH01
> > >         index 7 llprio 3
> > >         groups: veb
> > >         em1 flags=3<LEARNING,DISCOVER>
> > >                 port 2 ifpriority 0 ifcost 0
> > >         vport0 flags=3<LEARNING,DISCOVER>
> > >                 port 8 ifpriority 0 ifcost 0
> > >         tap0 flags=3<LEARNING,DISCOVER>
> > >                 port 11 ifpriority 0 ifcost 0
> > > vport0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> > >         lladdr fe:e1:ba:d0:fa:31
> > >         description: INTERNAL
> > >         index 8 priority 0 llprio 3
> > >         groups: vport
> > >         inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
> > >
> > > *** VM configuration
> > > switch "SWITCH01" {
> > >         interface veb0
> > > }
> > > vm "VM-01" {
> > >         memory 800M
> > >         enable
> > >         disk /root/VM-01.qcow2
> > >         interfaces 1
> > >         interface { switch "SWITCH01" }
> > > }
> > >
> > > *** VM NIC output
> > > vio0: flags=808b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,AUTOCONF4> mtu 1500
> > >         lladdr fe:e1:bb:d1:0a:30
> > >         index 1 priority 0 llprio 3
> > >         groups: egress
> > >         media: Ethernet autoselect
> > >         status: active
> > >         inet 10.0.0.53 netmask 0xffffff00 broadcast 10.0.0.255
> > >         inet 172.16.20.1 netmask 0xffffffff
> > >
> >
> > That alias's netmask doesn't look right to me. Also, does the VM host
> > have an appropriate routing rule for that subnet? What does "route get
> > 172.16.20.1" say?
> >
> >
>
> Hi, below the command output. About the netmask, IIRC the alias comes
> with a /32 subnet.
>
> # route get 172.16.20.1
>    route to: 172.16.20.1
> destination: 172.16.20.1
>        mask: 255.255.255.255
>   interface: vio0
>  if address: 172.16.20.1
>    priority: 1 (local)
>       flags: <UP,HOST,DONE,LLINFO,LOCAL>
>      use       mtu    expire
>       44         0         0

Apologies for not being clear enough. By VM host I mean the machine
hosting the VMs -- the one with the veb -- not the VM itself. That
machine needs to know that packets for 172.16.20.1 need to go out
through either vport0 or em1 (not sure if you need them both on the veb,
and you haven't posted em1's configuration).

If the VM host has no interfaces on the same subnet as the VM's vio0
(i.e. on 172.16.20.1/32), nor a specific routing rule for that subnet,
it will use its default route when sending packets to it. That's why you
need to (1) add a routing rule for packets destined to 172.16.20.1/32,
or (2) configure one of the interfaces on veb0 with an address (or
alias) on the same subnet as 172.16.20.1/32. But since a /32 subnet
holds only one IP, you can't do the latter.

So, in summary, just tell the VM host to route packets to 172.16.20.1
through vport0:

    route add 172.16.20.1/32 10.0.0.1

Or (preferred) change vio0's subnet to something wider (anything from
/24 to /30, depending on your needs), and add an alias to vport0 on that
range.

I don't get the point of aliasing both interfaces (why not just use
10.0.0.0/24?), but that's a different discussion.

--
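
The route selection described in the reply above, as an added example that is not part of the original thread: a small longest-prefix-match model of the VM host's routing table, showing which interface a packet for the alias leaves through before and after each of the two suggested fixes. The default route's interface name "uplink" and the 172.16.20.0/30 subnet are assumptions made for illustration; the thread gives neither.

```python
import ipaddress

# Routing table of the VM host as (prefix, outgoing interface) pairs.
# 10.0.0.0/24 on vport0 comes from the thread; the interface name "uplink"
# for the default route is a hypothetical placeholder (not shown in the thread).
HOST_ROUTES = [
    ("10.0.0.0/24", "vport0"),
    ("0.0.0.0/0", "uplink"),
]

def egress_for(routes, dst):
    """Return the (prefix, interface) chosen for dst by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    candidates = [(ipaddress.ip_network(p), ifname) for p, ifname in routes]
    matching = [(net, ifname) for net, ifname in candidates if addr in net]
    if not matching:
        return None  # no route at all, not even a default
    net, ifname = max(matching, key=lambda m: m[0].prefixlen)
    return (str(net), ifname)

def with_host_route(routes):
    """Option 1 from the reply: a /32 route for the alias through vport0."""
    return routes + [("172.16.20.1/32", "vport0")]

def with_wider_alias(routes, subnet="172.16.20.0/30"):
    """Option 2: vport0 gets an alias in a wider subnet (a /30 chosen here
    for illustration), which gives the host a connected route on vport0."""
    return routes + [(subnet, "vport0")]

if __name__ == "__main__":
    alias = "172.16.20.1"
    tables = [
        ("as posted", HOST_ROUTES),
        ("host route added", with_host_route(HOST_ROUTES)),
        ("wider alias on vport0", with_wider_alias(HOST_ROUTES)),
    ]
    for label, table in tables:
        print(f"{label:24} {alias} -> {egress_for(table, alias)}")
```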