About Jails and Wireguard/Tailscale

Does a Jail need to be a VNET Jail with its own network stack in order to run Tailscale (or Wireguard in general) or is it possible to do so just by assigning an IP address to a regular thick/thin jail?

I am in the process of figuring out VNET Jails in order to safely expose individual services but I am finding it difficult to understand bridges. The handbook is helpful but the concept is not so easy for me to read it briefly and understand it. I would need to study it properly, which is why I am asking if my efforts might not even be necessary in case Tailscale does not require a Jail with its own network stack.

On another note, I'm not sure if my plan is feasible to begin with:

I am running Tailscale on the host OS but I wanted to create jails that don't use the tailscale0 network interface but instead the regular Ethernet re0. At first I thought I could simply make jails use the re0 interface so that I could install Tailscale inside the individual jails but I wonder if I'm going about this in an ignorant way.
 