Accessing instances inside a proxy via VPN

asked 2013-09-06 05:12:35 -0500

ellohir

Hi, I'm trying to do my final university degree project on OpenStack. This is my first experience but I chose to do it because it's a great piece of software with a bright future. Anyway, this is my network architecture problem.

My current problem is I cannot SSH or VNC my way into my instances. My current situation is something like this: (this)

I'm using a VPN to connect to my university network. There, I have a proxy machine I access with the internal university DNS. That machine has a port redirection so that when I connect to a specific port it redirects it to the internal machines. The proxy connects me to the specific SSH ports on them (and another one for the controller node's port 80 to see the dashboard). Everything uses fixed IPs, the top network on this diagram is my "connection" network, and the bottom one is the "work" network for the machines to communicate. (this diagram)

The thing is, when I try a VNC console from the dashboard, it starts a client that tries to connect to "192.168.x.x", which in my local network doesn't exist (the green clouds on this image). (this image)

There is no way right now I can access that internal IP from my browser.

Via SSH, I can't seem to access the instances either. They don't respond to ping or SSH, even when I've set up the security group. I have a floating IP network connected to a router and to the "public" network (which is just the network with the proxy machine). Like this: (this)

though that gateway is completely made up as I don't have a link between the top and bottom networks.

So... Any ideas on how I can reach my instances? I've read that the compute nodes can't reach the instances by design, but it was a spare phrase in an article. And the VMs are supposed to be able to be reached by the users anyway, so I'm guessing we'd need a more permissive configuration on the proxy machine... Which I don't have access to and I'd have to ask my teacher to modify.

Any help or ideas would be greatly appreciated :)

1 answer

answered 2013-09-06 19:42:59 -0500

medhat

updated 2013-09-06 19:46:20 -0500

I understand that you have restricted access to your university network, where your cloud is. Ensure that these configs are in nova.conf:


Replace the public IP with your cloud domain name or public IP as you can. Port 6080 is necessary for this communication.

There is also the Cloud Pipe VPN for accessing the tenants' network, but you have to open the VPN ports also.

Thanks for your answer! So I need to open port 6080 but to which IP? The controller node or a floating ip? My public IP is the proxy and I can't access that machine. Cloud Pipe looks fine but ultimately I want to give access to many users to their different instances so it's not what I need.

ellohir ( 2013-09-07 03:07:41 -0500 )

Port 6080 has to be open to the controller node. In the end, you have to open some ports.

medhat ( 2013-09-07 10:32:42 -0500 )

Got VNC access! The instances don't have IP addresses and can't access the network, nor can I access or ping them, but it's something. Thanks a lot :)

ellohir ( 2013-09-13 09:20:34 -0500 )
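An added example, not part of the answer or comments above and not OpenStack project code: a small check that reads a nova.conf and reports when the console URL handed to the browser points at an internal address or at a port other than 6080, which is the symptom described in the question. It assumes nova's `novncproxy_base_url` option is the setting involved (the thread does not show which options the answer listed); the sample configuration and function names are constructed for illustration.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

# Constructed sample, not taken from the thread: a nova.conf whose noVNC
# URL advertises an internal address, matching the 192.168.x.x symptom.
SAMPLE_NOVA_CONF = """
[DEFAULT]
novncproxy_base_url = http://192.168.0.10:6080/vnc_auto.html
"""

def find_option(conf_text, name="novncproxy_base_url"):
    """Return the option from [DEFAULT] or [vnc], or None if absent."""
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(conf_text)
    if name in parser.defaults():
        return parser.defaults()[name]
    if parser.has_section("vnc") and parser.has_option("vnc", name):
        return parser.get("vnc", name)
    return None

def check_vnc_url(conf_text, expected_port=6080):
    """List reasons the advertised console URL may be unreachable by users."""
    url = find_option(conf_text)
    if url is None:
        return ["novncproxy_base_url is not set"]
    parts = urlsplit(url)
    problems = []
    try:
        addr = ipaddress.ip_address(parts.hostname or "")
        if addr.is_private or addr.is_loopback:
            problems.append(f"{addr} is internal; browsers outside that network cannot reach it")
    except ValueError:
        pass  # a DNS name: whether it resolves must be checked from the client side
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port != expected_port:
        problems.append(f"URL uses port {port}, but port {expected_port} is the one opened")
    return problems

if __name__ == "__main__":
    for line in check_vnc_url(SAMPLE_NOVA_CONF):
        print("WARNING:", line)
```
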

