Friday, May 18, 2012

Vyatta+OpenSIPS on Citrix XEN-Server


Setting up Environment

A couple of days ago I had to expand my virtual environment to install more virtual machines and do some more experimentation, so instead of using VMware ESXi I used Citrix XenServer.
Installing XenServer was a good experience: just a matter of inserting the installation CD and following the steps.
Once XenServer was installed, the first step was to create new virtual servers inside it and set up the internal networking. For the networking part the obvious choice was Vyatta (Vyatta Core 6.4).
Here is the setup diagram:
[Diagram: Virtual Server Space - Network Topology]
Setting up the ISO library in XenCenter was really easy. I used the downloaded Vyatta virtual 64-bit ISO and an Ubuntu Server ISO to install both Vyatta (routing and firewall) and an Ubuntu Server (the OpenSIPS server).

I assigned two NICs to Vyatta: one bridged to a physical interface to interact with the outside world, the other connected to a virtual switch created inside XenServer to communicate with the internal servers.

The OpenSIPS server, on the other hand, is connected only to the virtual switch and uses the Vyatta router as its gateway. I had to configure NAT on the Vyatta router for this to work.

Here's how NAT is done on Vyatta to let traffic from the private network reach the internet. First, the WAN address, default gateway and DNS server:
GW-Vyatta:~$configure
GW-Vyatta#set interfaces ethernet eth0 address 172.16.31.101/16 
GW-Vyatta#set system gateway-address 172.16.2.50 
GW-Vyatta#set system name-server 8.8.8.8 
GW-Vyatta#commit
Verify that the router can itself reach the internet:
GW-Vyatta#ping www.google.com
Start the SSH service on the Vyatta router:
GW-Vyatta#set service ssh listen-address 172.16.31.101
GW-Vyatta#commit
Configure the LAN interface on eth1:
GW-Vyatta#set interfaces ethernet eth1 address 192.168.30.1/24
GW-Vyatta#commit
Set masquerade (source) NAT so traffic from the LAN gets translated to the WAN address:
GW-Vyatta#set nat source rule 5 outbound-interface eth0
GW-Vyatta#set nat source rule 5 source address 192.168.30.0/24
GW-Vyatta#set nat source rule 5 translation address masquerade
GW-Vyatta#commit
Ping some internet destination from the LAN side and see the new translations on Vyatta:
GW-Vyatta#run show nat source statistics
Configure SSH access to the OpenSIPS server such that when I SSH to 172.16.31.101 port 22303 it gets translated to the internal address 192.168.30.3 port 22:
GW-Vyatta#set nat destination rule 5 inbound-interface eth0
GW-Vyatta#set nat destination rule 5 destination port 22303
GW-Vyatta#set nat destination rule 5 translation address 192.168.30.3
GW-Vyatta#set nat destination rule 5 translation port 22
GW-Vyatta#set nat destination rule 5 protocol tcp
GW-Vyatta#commit
SSH to the OpenSIPS server via 172.16.31.101:22303 and see the destination NAT stats:
GW-Vyatta#run show nat destination statistics

GW-Vyatta#save
GW-Vyatta#exit
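To see exactly what the two NAT rules match, here is a small Python model of them, added as an example (it is not Vyatta code or output): the two rule functions mirror the set nat source rule 5 and set nat destination rule 5 lines above, and the sample packets, including the 198.51.100.7 client address, are constructed.

```python
"""Offline model of the two NAT rules above (added example, not Vyatta code):
'nat source rule 5' and 'nat destination rule 5' re-implemented so their
match/translate behaviour can be checked against constructed packets."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

WAN_IF = "eth0"
WAN_ADDR = "172.16.31.101"               # eth0 address from the post
LAN_NET = ip_network("192.168.30.0/24")  # eth1 subnet from the post
OPENSIPS = "192.168.30.3"                # DNAT target from the post

@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrives on ("in") or leaves by ("out")
    direction: str  # "in" or "out"
    proto: str      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int
    dport: int

def source_nat_rule5(pkt: Packet) -> Packet:
    """outbound-interface eth0, source address 192.168.30.0/24,
    translation address masquerade: the source becomes eth0's address."""
    if pkt.direction == "out" and pkt.iface == WAN_IF and ip_address(pkt.src) in LAN_NET:
        return replace(pkt, src=WAN_ADDR)
    return pkt

def destination_nat_rule5(pkt: Packet) -> Packet:
    """inbound-interface eth0, protocol tcp, destination port 22303,
    translation address 192.168.30.3 port 22. The rule has no source
    match, so any host reaching eth0 on tcp/22303 is forwarded."""
    if (pkt.direction == "in" and pkt.iface == WAN_IF
            and pkt.proto == "tcp" and pkt.dport == 22303):
        return replace(pkt, dst=OPENSIPS, dport=22)
    return pkt

def translate(pkt: Packet) -> Packet:
    """Apply both rules; a packet's direction lets at most one of them match."""
    return destination_nat_rule5(source_nat_rule5(pkt))

if __name__ == "__main__":
    # Constructed sample traffic, not captured from the lab.
    for p in (Packet(WAN_IF, "out", "udp", OPENSIPS, "8.8.8.8", 40000, 53),
              Packet(WAN_IF, "in", "tcp", "198.51.100.7", WAN_ADDR, 51000, 22303),
              Packet(WAN_IF, "in", "tcp", "198.51.100.7", WAN_ADDR, 51001, 22)):
        t = translate(p)
        print(f"{p.src}:{p.sport}->{p.dst}:{p.dport} => {t.src}:{t.sport}->{t.dst}:{t.dport}")
```

The model makes visible that the forwarding rule matches any source address arriving on eth0 on tcp/22303, while tcp/22 on the WAN address is left untranslated and reaches the router's own SSH listener enabled earlier.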

That was it. I can now access the internet from my OpenSIPS server and also SSH into it from outside the virtual environment. The next thing would be to make this setup work with two-way audio. For that I may need to set up a VPN or something, IDK.

1 comment:

  1. Thank you for sharing this!! I'm new to Vyatta and was handed old notes. Of course, they didn't work with 6.4. Using your commands as samples helped me put it all together.
    Thanks again!!