On 2011-May-05 00:17, Mathias Seiler wrote: [..]
Bear in mind that you may lose some functionality with such virtualization technologies like IPSec VPNs inside virtual containers
Can't say if IPSEC works, as I don't use it anywhere, but as the interfaces are just 'not seen by other vms' I can't see why it would not work. Try to know but indeed a good thing to check.
Oh and don't forget IPv6 :)
Works in both OpenVZ and LXC.
For OpenVZ one can even tell that the 'tun' adapter needs to be available inside a container.
With LXC, one can bridge and delegate everything based on the character device.
If you are going to start setting up stuff today and you don't want to use hardware virtualisation (read: KVM and others) then I would go for LXC, as it is in the mainline kernel and has more flexibility.
(the combo of running KVM and then in one of the VMs having LXC containers, is the trick I use ;)
Greets, Jeroen