ezjail with racoon

[beaute]

Hello,

I'm trying to achieve multiple IPSec tunnels using racoon, and I am interested in taking a shot at the separation of the network flow between the three tunnels using jails. So each tunnel would be running on a single jail. I am curious to know if this is even possible.


I have successfully installed racoon, and did the tunnels without using the jails. Now I just installed ezjail. I'm just not sure what are the correct configuration for this.

I am following this guide. I need to include an IP address for each jail. Which IP address should I use? The physical IP address or the virtual?

Here is my network configuration from rc.conf

ifconfig_msk0="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_msk0_alias0="inet 192.168.1.10 netmask 255.255.255.255"
ifconfig_msk0_alias1="inet 192.168.1.100 netmask 255.255.0.0"

cloned_interfaces="gif0 gif1 gif2"
gif_interfaces="gif0 gif1 gif2"

gifconfig_gif0="192.168.1.1 192.168.1.2"
ifconfig_gif0="inet 10.0.0.1 10.0.0.2 netmask 255.255.255.0 mtu 1500"

gifconfig_gif1="192.168.1.10 192.168.1.20"
ifconfig_gif1="inet 10.30.0.1 10.30.0.2 netmask 255.255.255.0 mtu 1500"

gifconfig_gif2="192.168.1.100 192.168.1.200"
ifconfig_gif2="inet 10.60.0.1 10.60.0.2 netmask 255.255.255.0 mtu 1500"

So as you can see, I have the physical addresses 192.168.1.1, 192.168.1.10, 192.168.1.100 and the tunnels are starting with 10s.

 

[SirDice]

You need to 'bind' a jail to an interface. Not sure if you can use gif for that. Things might go weird if the VPN drops and the interface disappears.

You may be able to get it working by starting the VPN inside a jail. You'll probably need to enable raw_sockets for it work.

 

[beaute]

Okay, I did manage to get the installation and the jail running. However, I have no internet connection inside the jail whatsoever. I was trying to install racoon from port (as well as bash) but couldn't fetch it.

The machine I'm working with has only one network interface. I alternate between to ethernet cables, one for the local network (the one the jail is supposed to be part of) and one with the internet access to connect to the rest of the world. I can't have both up at the same time.

To obtain Internet connection, I am required to use dhclient to get an address. I have no control over the address given to me.

Running dhclient inside the jail in order to get the IP address returns a

Can't find free bpf: No such file or directory

message.

Running [cmd=]netstat -a[/cmd] returns

kvm not available: /dev/mem: No such file or directory

and other information looking gibberish, no readable address.

Running ifconfig returns no IP address to the interface in question.

With this setup, how can I get internet inside the jail in order to install the necessary servies?

 

[fbsd1]

you can not bind a jail to a dymanic ip address as it can change on you. You can not use jails in your case.