On Thu, 2024-12-12 at 10:09 +0000, Zé Loff wrote:
> On Wed, Dec 11, 2024 at 11:41:26PM +0100, ASV wrote:
> > On Wed, 2024-12-11 at 20:43 +0000, Zé Loff wrote:
> > >
> > > On Wed, Dec 11, 2024 at 07:49:13PM +0100, ASV wrote:
> > > > Hi everyone,
> > > > I'm stuck on trying to use an alias from a VM. Everything works from
> > > > its main IP address 10.0.0.53 but from an alias, in this case
> > > > 172.16.20.1, I can't manage to get comms going out from it.
> > > >
> > > > For example with "ping -I 172.16.20.1 <whatever-ip>" or openvpn binding
> > > > from it. There's no firewall active and there is no block from the
> > > > border firewall for that IP address. At this point I'm wondering if
> > > > that could work at all.
> > > >
> > > > For the record the configuration of the VM is pretty much based on the
> > > > "Option 4" of the official OpenBSD guide at
> > > > https://www.openbsd.org/faq/faq16.html#VMMnet
> > > >
> > > > Any hint would be appreciated.
> > > > Thank you.
> > > >
> > > > *** VSWITCH configuration
> > > > veb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
> > > >         description: switch1-SWITCH01
> > > >         index 7 llprio 3
> > > >         groups: veb
> > > >         em1 flags=3<LEARNING,DISCOVER>
> > > >                 port 2 ifpriority 0 ifcost 0
> > > >         vport0 flags=3<LEARNING,DISCOVER>
> > > >                 port 8 ifpriority 0 ifcost 0
> > > >         tap0 flags=3<LEARNING,DISCOVER>
> > > >                 port 11 ifpriority 0 ifcost 0
> > > > vport0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> > > >         lladdr fe:e1:ba:d0:fa:31
> > > >         description: INTERNAL
> > > >         index 8 priority 0 llprio 3
> > > >         groups: vport
> > > >         inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
> > > >
> > > > *** VM configuration
> > > > switch "SWITCH01" {
> > > >         interface veb0
> > > > }
> > > > vm "VM-01" {
> > > >         memory 800M
> > > >         enable
> > > >         disk /root/VM-01.qcow2
> > > >         interfaces 1
> > > >         interface { switch "SWITCH01" }
> > > > }
> > > >
> > > > *** VM NIC output
> > > > vio0: flags=808b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,AUTOCONF4> mtu 1500
> > > >         lladdr fe:e1:bb:d1:0a:30
> > > >         index 1 priority 0 llprio 3
> > > >         groups: egress
> > > >         media: Ethernet autoselect
> > > >         status: active
> > > >         inet 10.0.0.53 netmask 0xffffff00 broadcast 10.0.0.255
> > > >         inet 172.16.20.1 netmask 0xffffffff
> > > >
> > >
> > > That alias's netmask doesn't look right to me. Also, does the VM host
> > > have an appropriate routing rule for that subnet? What does "route get
> > > 172.16.20.1" say?
> > >
> >
> > Hi, below the command output. About the netmask, IIRC the alias comes
> > with a /32 subnet.
> >
> > # route get 172.16.20.1
> >    route to: 172.16.20.1
> > destination: 172.16.20.1
> >        mask: 255.255.255.255
> >   interface: vio0
> >  if address: 172.16.20.1
> >    priority: 1 (local)
> >       flags: <UP,HOST,DONE,LLINFO,LOCAL>
> >      use       mtu    expire
> >       44         0         0
>
> Apologies for not being clear enough. By VM host I mean the machine
> hosting the VMs -- the one with the veb -- not the VM itself. That
> machine needs to know that packets for 172.16.20.1 need to go out
> through either vport0 or em1 (not sure if you need them both on the veb,
> and you haven't posted em1's configuration).
>
> If the VM host has no interfaces on the same subnet as the VM's vio0
> (i.e. on 172.16.20.1/32), nor a specific routing rule for that subnet,
> it will use its default route when sending packets to it. That's why
> you need to (1) add a routing rule for packets destined to
> 172.16.20.1/32, or (2) configure one of the interfaces on veb0 with an
> address (or alias) on the same subnet as 172.16.20.1/32. But since a
> /32 subnet holds only one IP, you can't do the latter.
>
> So, in summary, just tell the VM host to route packets to 172.16.20.1
> through vport0:
>
>     route add 172.16.20.1/32 10.0.0.1
>
> Or (preferred) change vio0's subnet to something wider (anything from
> /24 to /30, depending on your needs), and add an alias to vport0 on that
> range. I don't get the point of aliasing both interfaces (why not just
> use 10.0.0.0/24?), but that's a different discussion.
>

Thanks a lot for the explanation, I'll work on it as soon as I can!
And yes I misunderstood the subnet definition on the aliases.
Thanks again.
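
The route selection described in the quoted reply, modelled as an added example that is not part of the original thread: a longest-prefix-match lookup over the VM host's table before the fix and after each of the two suggested fixes. Assumptions: the default route's interface name `uplink` and gateway `192.0.2.1` are constructed placeholders (the host's default route was not posted), and `172.16.20.0/30` is one assumed choice of wider subnet.

```python
import ipaddress


def route(net, iface, gateway=None):
    """Build one routing-table entry."""
    return {"net": ipaddress.ip_network(net), "iface": iface, "gateway": gateway}


def lookup(table, dst):
    """Return the most specific entry containing dst (longest-prefix match)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen) if matches else None


def egress(table, dst):
    """Interface the host would send a packet for dst out of, or None."""
    entry = lookup(table, dst)
    return entry["iface"] if entry else None


# VM host before the fix. The connected 10.0.0.0/24 on vport0 is from the
# thread; the default route ("uplink", 192.0.2.1) is a constructed placeholder.
HOST_BEFORE = [
    route("10.0.0.0/24", "vport0"),
    route("0.0.0.0/0", "uplink", "192.0.2.1"),
]

# Fix 1 from the reply: a host route for the alias, pointed at vport0.
HOST_WITH_HOST_ROUTE = HOST_BEFORE + [route("172.16.20.1/32", "vport0", "10.0.0.1")]

# Fix 2 (preferred in the reply): widen the alias subnet and give vport0 an
# address in it, which yields a connected route. The /30 is an assumed choice.
HOST_WITH_WIDER_SUBNET = HOST_BEFORE + [route("172.16.20.0/30", "vport0")]

if __name__ == "__main__":
    tables = {
        "before": HOST_BEFORE,
        "host route": HOST_WITH_HOST_ROUTE,
        "wider subnet": HOST_WITH_WIDER_SUBNET,
    }
    for name, table in tables.items():
        for dst in ("10.0.0.53", "172.16.20.1"):
            print(f"{name:13} {dst:12} -> {egress(table, dst)}")
```
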