OpenVPN within a Jail under 6.x ...

Oliver Fromme olli at lurza.secnetix.de
Wed Feb 8 08:43:27 PST 2006


Marc G. Fournier wrote:
 > Oliver Fromme wrote:
 > > The problem is that you need to configure interfaces
 > > (tun(4) or tap(4)) to set up the VPN, but ifconfig(8)
 > > does not work inside a jail.  That means you cannot
 > > set up a VPN inside a jail.  However, you can _use_
 > > it within a jail, of course, if you assign the IP of
 > > the VPN connection to the jail.
 > 
 > 'k, how would you do that?  I thought you could only assign one IP to a 
 > jail, both in 4.x and 6.x?

True.  I meant that the IP of the VPN connection is the
only IP of the jail.

Or, if you can't do that, forward the packets into the
jail using IPFW FWD rules and NAT.  In that case, the
jail doesn't need to have the VPN connection's IP.

In fact, you can set the IP of the jail to a localnet
IP (such as 127.0.1.1), which isn't routable and isn't
accessible from the outside at all.  That's often done
to improve security.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

(On the statement print "42 monkeys" + "1 snake":)  By the way,
both perl and Python get this wrong.  Perl gives 43 and Python
gives "42 monkeys1 snake", when the answer is clearly "41 monkeys
and 1 fat snake".        -- Jim Fulton
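
The setup described in the message above, sketched as host-side configuration. This is an added example, not part of the original post: the jail name vpnjail, its paths, the interface tun0, the VPN address 10.8.0.2 and port 8080 are constructed placeholder values. It covers only the inbound FWD rule, not the NAT needed for connections the jail itself initiates.

```conf
# ---- /etc/rc.conf on the host (FreeBSD 6.x style jail variables) ----

# Give the host a second loopback address that will become the jail's
# single IP.  It is not routable, so nothing outside the host can
# address the jail directly.
ifconfig_lo0_alias0="inet 127.0.1.1 netmask 255.255.255.255"

jail_enable="YES"
jail_list="vpnjail"                          # assumed jail name
jail_vpnjail_rootdir="/usr/jails/vpnjail"    # assumed path
jail_vpnjail_hostname="vpnjail.example.org"  # assumed hostname
jail_vpnjail_ip="127.0.1.1"

# OpenVPN runs on the host, because tun(4) cannot be configured with
# ifconfig(8) from inside the jail.
firewall_enable="YES"
firewall_type="/etc/ipfw.rules"   # rule file, one ipfw command per line

# ---- /etc/ipfw.rules on the host ----
# "fwd" needs a kernel built with: options IPFIREWALL_FORWARD

# Loopback traffic is allowed only on lo0; anything claiming a
# 127/8 address on another interface is dropped as spoofed.
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any

# Hand TCP connections that arrive over the VPN for 10.8.0.2:8080
# (assumed VPN address and service port) to the listener bound to the
# jail's loopback IP.  fwd does not rewrite the packet, so replies
# still carry the VPN address as their source.
add 1000 fwd 127.0.1.1,8080 tcp from any to 10.8.0.2 dst-port 8080 in recv tun0

# Everything else on the VPN interface that was not explicitly
# forwarded is dropped rather than reaching host services.
add 1100 deny ip from any to any in recv tun0

# The remainder of the ruleset (LAN, outbound traffic, NAT for the
# jail's own outgoing connections) is site-specific and omitted here.
```

Only ports that have an explicit fwd rule are reachable from the VPN, which keeps the jail's exposed surface limited to the services listed in the rule file.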


More information about the freebsd-stable mailing list