So I have a few questions about how to best do this... I have an OpenVPN client on a host and I would like a jail on that host to use that tunnel for all non-local access. I also need to reach this jail from other hosts on the same subnet. The host/jail are behind a firewall, so no firewalling or NAT are happening on the host.
I found this post describing a way to do this, and in theory, this basically works:
https://blog.feld.me/posts/2015/06/routing-a-freebsd-jail-through-openvpn/
What I'm struggling with here, though, is that the above config relies on setting a static IP in jail.conf. The provider at the other end of my VPN allocates that IP dynamically. The current jail.conf configuration style does not seem to allow the "inherit" option for an IP address, nor offer a way to limit "inherit" to a particular interface (in this case tun0).
Are there any workarounds here to replicate the "inherit" behavior? It's the only way I can see to deal with an interface whose address may change without restarting the jail...
Any other ideas? I've seen people mention running OpenVPN inside a jail, I suspect using "VIMAGE", but I'm not certain whether VIMAGE is currently stable or production-ready.