Tracker Item History

View Tracker Item

Version

Date

User

Field ID

Field

Difference

2018-10-20 10:58

Marc Laporte

Make app-kimchi Check and Fix Missing KVM Settings

2018-01-13 23:48

techana

Details

	- VM cannot access intranet services.		- VM cannot access intranet services.
-	The ~~best~~ scenario is number 2 above; each VM has one vNIC connected to clearOS internal NIC and solve all the cons currently found in such setup. This means configuring the clearOS to deal with VMs as normal LAN clients, so that it provides them with IPs and routes their traffics between its NICs. This will make the VMs be able to access the Internet and the intranet and will also allow the LAN clients to access the VMs.	+	The scenario worth fixing is number 2 above; each VM has one vNIC connected to clearOS internal NIC and solve all the cons currently found in such setup. This means configuring the clearOS to deal with VMs as normal LAN clients, so that it provides them with IPs and routes their traffics between its NICs. This will make the VMs be able to access the Internet and the intranet and will also allow the LAN clients to access the VMs.
	Thank you.		Thank you.

2018-01-13 23:39

techana

Description

ClearOS in Gateway Refuses to Route KVMs

ClearOS in Gateway Mode Refuses to Route KVMs

Details

	As I elaborated before, clearOS gateway is currently having issues with KVM bridges. This leaves us with one feasible option for VMs networking for now, which is macvtap.		As I elaborated before, clearOS gateway is currently having issues with KVM bridges. This leaves us with one feasible option for VMs networking for now, which is macvtap.
-	One can add two networks to KVM/Kimchi of macvtap type. Each network is associated with one clearOS NIC. A virtual machine (VM) can hence be setup to have 1 or 2 virtual ~~NIC~~(s). Here is a summery of the pros and cons of each setup:	+	One can add two networks to KVM/Kimchi of macvtap type. Each network is associated with one clearOS NIC. A virtual machine (VM) can hence be setup to have 1 or 2 virtual NICs (vNIC). Here is a summery of the pros and cons of each setup:
	1) One vNIC connected to clearOS' External NIC:		1) One vNIC connected to clearOS' External NIC:
	Cons:		Cons:
-	- VM cannot access intranet services, unless the ports for these services are wide opened for the Internet. This a big security concern.	+	- VM cannot access intranet services, unless the ports for these services are wide opened for the Internet. This is a big security concern.
	- LAN clients behind the clearOS server cannot access VM via local IP. They can only access it using its Internet address if any.		- LAN clients behind the clearOS server cannot access VM via local IP. They can only access it using its Internet address if any.
	2) One vNIC connected to clearOS' Internal NIC:		2) One vNIC connected to clearOS' Internal NIC:
	Pros:		Pros:
-	- VM can access the LAN.
	- LAN clients can access the VM (remote desktop, VNC, web services, etc.)		- LAN clients can access the VM (remote desktop, VNC, web services, etc.)
	- VM cannot access intranet services.		- VM cannot access intranet services.
-	The best scenario is ~~to have VMs with~~ one vNIC ~~each~~ connected to clearOS internal ~~NIC (number 2 above)~~ and solve all the cons currently found in such setup. This means configuring the clearOS to ~~accept~~ VMs as normal LAN ~~clients and provide~~ them IPs and ~~route~~ their ~~traffics~~. This will make VMs be able to access the Internet and the intranet and will also allow LAN clients to access the VMs.	+	The best scenario is number 2 above; each VM has one vNIC connected to clearOS internal NIC and solve all the cons currently found in such setup. This means configuring the clearOS to deal with VMs as normal LAN clients, so that it provides them with IPs and routes their traffics between its NICs. This will make the VMs be able to access the Internet and the intranet and will also allow the LAN clients to access the VMs.
	Thank you.		Thank you.