Friday, May 18, 2012

Vyatta+OpenSIPS on Citrix XEN-Server

Setting up Environment

A couple of days ago I had to expand my virtual environment to install more virtual machines and do some more experimentation, so instead of using VMware ESXi, I used Citrix XenServer.
It was a good experience installing XenServer; it was just a matter of putting in the installation CD and then following the steps.
Once I was done installing XenServer, the first step was to create new virtual servers inside it and set up the internal networking. For the networking part the obvious choice was Vyatta (VYATTA CORE 6.4).
Here is the setup diagram
Virtual Server Space - Network Topology
Setting up the ISO library in XenCenter was really easy. I used the downloaded Vyatta-virtual-64bit ISO and an Ubuntu Server ISO to install both Vyatta (routing and firewall) and an Ubuntu Server (the OpenSIPS server).

I assigned two NICs to Vyatta: one is bridged to the physical interface to interact with the outside world, and the second is connected to a virtual switch created inside XenServer to communicate with the internal servers.

The OpenSIPS server, on the other hand, is connected only to the virtual switch and uses the Vyatta router as its gateway. I had to configure NAT on the Vyatta router for this to work.

Here's how we do NAT on Vyatta to let traffic coming from the private network reach the internet.
GW-Vyatta#set interfaces ethernet eth0 address 
GW-Vyatta#set system gateway-address 
GW-Vyatta#set system name-server 
Verify that the router itself can reach the internet.
Start the SSH service on the Vyatta router.
GW-Vyatta#set service ssh listen-address
Configure the LAN interface on eth1.
GW-Vyatta#set interfaces ethernet eth1 address
Set masquerade NAT so that traffic from the LAN gets translated to the WAN address.

GW-Vyatta#set nat source rule 5 outbound-interface eth0
GW-Vyatta#set nat source rule 5 source address
GW-Vyatta#set nat source rule 5 translation address masquerade
Ping some internet destination from the LAN side and see some new translations on Vyatta.

GW-Vyatta#run show nat source statistics
Configure SSH access to the OpenSIPS server such that when I SSH to port 22303 it gets translated to port 22 on the internal address.
GW-Vyatta#set nat destination rule 5 inbound-interface eth0
GW-Vyatta#set nat destination rule 5 destination port 22303
GW-Vyatta#set nat destination rule 5 translation address
GW-Vyatta#set nat destination rule 5 translation port 22
GW-Vyatta#set nat destination rule 5 protocol tcp
SSH onto the OpenSIPS server via the forwarded port and see the destination NAT stats.
GW-Vyatta#run show nat destination statistics
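
The destination NAT rule above accepts connections to port 22303 from any source. As an added example that is not part of the original post, this Vyatta rule set limits the forwarded SSH session to one admin network; the rule-set name WAN-IN and both addresses are constructed placeholders, entered in configuration mode like the commands above.

```text
# Constructed values (assumptions, not from the original post):
#   192.168.50.10   internal address of the OpenSIPS server
#   203.0.113.0/24  network the administrator connects from
#   WAN-IN          name chosen here for the rule set

# Drop anything forwarded in from the WAN side that is not explicitly allowed.
set firewall name WAN-IN default-action drop

# Allow replies to connections the LAN opened through the masquerade rule.
set firewall name WAN-IN rule 10 action accept
set firewall name WAN-IN rule 10 state established enable
set firewall name WAN-IN rule 10 state related enable

# Allow the forwarded SSH session only from the admin network.
# Destination NAT is applied before the firewall, so match the translated
# address and port 22, not the public address and port 22303.
set firewall name WAN-IN rule 20 action accept
set firewall name WAN-IN rule 20 protocol tcp
set firewall name WAN-IN rule 20 source address 203.0.113.0/24
set firewall name WAN-IN rule 20 destination address 192.168.50.10
set firewall name WAN-IN rule 20 destination port 22
# Log accepted sessions so each use of the port forward leaves a record.
set firewall name WAN-IN rule 20 log enable

# Apply the rule set to traffic forwarded in through eth0, then commit.
set interfaces ethernet eth0 firewall in name WAN-IN
commit

# Per-rule packet counters: rule 20 should count only the admin sessions.
run show firewall name WAN-IN statistics
```

The `in` rule set only filters traffic forwarded through the router; SSH to the router itself is controlled by a separate `local` rule set on eth0.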


That was it, and I can access the internet from my OpenSIPS server and also SSH into my server from outside the virtual environment. The next thing would be to make this setup work with two-way audio. For that I may need to set up a VPN or something, IDK.

1 comment:

  1. Thank you for sharing this!! I'm new to Vyatta and was handed old notes. Of course, they didn't work with 6.4. Using your commands as samples helped me put it all together.
    Thanks again!!