Hi,

On Mon, May 07, 2012 at 09:03:17PM -0400, Tom Kent wrote:
> The idea I had, and wanted to run by, was if it would be possible to
> integrate an openvpn client into the hypervisor's virtual network card.
> This would make it so that from the moment the VM boots up, it is only
> connected to the private LAN served by the OpenVPN server. The VM would see
> just another NIC, but instead of routing the data directly to the
> Hypervisor's NIC (tap) or NATing it or whatever, it would go to an OpenVPN
> client library (that wouldn't need a tun/tap device on the hypervisor)
> which sends the data to the server over the udp connection.

If your hypervisor uses a tap interface, you can just have openvpn use
that tap interface "right away". So don't bridge tap0 to eth0 on the
Hypervisor, but just have tap0 available for the VMs, and run OpenVPN
with "--dev tap0".

This might be somewhat more expensive performance-wise - but it will be
much cheaper programmer-time-wise, as all you need is already there and
well-tested :-)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de