Hello FreeBSD users, this is my first post. I'm still learning, so please be gentle.
I am trying to set up a jail (using ioCage) so that all of its traffic goes through our VPN. I have already set up OpenVPN, which connects to our VPN service without issue.
However, I seem unable to successfully connect the jail to the VPN on FIB 1.
So far I have the following (FreeBSD 12.2):
/boot/loader.conf
Code:
net.fibs=2
/etc/rc.conf
Code:
gateway_enable="YES"
pf_enable="YES"
defaultrouter="192.168.1.1"
/etc/rc.local
Code:
route add default 192.168.1.1 -fib 1
setfib -F 1 /usr/local/sbin/openvpn --config /root/myconfig.ovpn --daemon
This all seems to work OK, at least when I test it using:
# curl http://ipecho.net/plain
Which returns my public IP address.
# setfib -F 1 curl http://ipecho.net/plain
This returns my VPN's public IP address.
Next up I have created a jail using ioCage:
# iocage create -n myjail -r LATEST vnet=on dhcp=on bpf=on allow_raw_sockets=on boot=on -T
myjail successfully created!
No default gateway found for ipv6.
* Starting myjail
+ Started OK
+ Using devfs_ruleset: 1002 (iocage generated default)
+ Configuring VNET OK
+ Using IP options: vnet
+ Starting services OK
+ Executing poststart OK
+ DHCP Address: 192.168.1.202/24
Next I set tun=1 and fib=1:
# iocage set allow_tun=1 myjail
# iocage set exec_fib=1 myjail
Restarted the jail:
# iocage restart myjail
Then accessed the jail using:
# iocage console myjail
The jail seems OK and is accessible on the network; however, despite setting the jail fib=1, the jail does not seem to utilize our VPN.
So from within our jail:
# curl http://ipecho.net/plain
Returns our normal public IP address.
Again from within the jail:
Code:
# netstat -nr
Routing tables (fib: 1)
Internet:
Destination Gateway Flags Netif Expire
default 192.168.1.1 UGS epair0b
127.0.0.1 link#1 UH lo0
192.168.1.0/24 link#2 U epair0b
Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0
::1 link#1 UH lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
fe80::/10 ::1 UGRS lo0
fe80::%lo0/64 link#1 U lo0
fe80::%epair0b/64 link#2 U epair0b
ff02::/16 ::1 UGRS lo0
Any help and advice to get this working would be greatly appreciated...
Thanks in advance.
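The jail's `netstat -nr` output in the post shows the IPv4 default route on `epair0b` via 192.168.1.1, not on a tun device, which matches the non-VPN address curl reports. As an added example (not part of the original post), this sh/awk check classifies a routing table as VPN egress or leak; the function names and the second sample table are constructed, and it assumes the VPN interface is named `tun*` and that OpenVPN may use `redirect-gateway def1` (two /1 routes instead of a new default).

```shell
#!/bin/sh
# Added example: report which interface carries a FIB's IPv4 egress,
# from `netstat -rn` text on stdin (e.g. `setfib -F 1 netstat -rn`).

# Prints "vpn <netif>" when egress is on a tun device, "leak <netif>" when
# it is not, and "none" when the table has no IPv4 default route at all.
egress_check() {
    awk '
        /^Internet6:/ { in4 = 0 }          # stop at the IPv6 table
        /^Internet:/  { in4 = 1; next }    # start of the IPv4 table
        !in4 || NF < 4 { next }
        $1 == "default"     { def = $4 }
        # With redirect-gateway def1 the default route is left alone and
        # two /1 routes, which together cover all of IPv4, win over it.
        $1 == "0.0.0.0/1"   { lo = $4 }
        $1 == "128.0.0.0/1" { hi = $4 }
        END {
            if (lo ~ /^tun[0-9]+$/ && hi ~ /^tun[0-9]+$/) { print "vpn " lo; exit }
            if (def == "")           { print "none"; exit }
            if (def ~ /^tun[0-9]+$/) { print "vpn " def; exit }
            print "leak " def
        }'
}

# IPv4 part of the jail routing table as posted.
jail_table() { cat <<'EOF'
Routing tables (fib: 1)
Internet:
Destination Gateway Flags Netif Expire
default 192.168.1.1 UGS epair0b
127.0.0.1 link#1 UH lo0
192.168.1.0/24 link#2 U epair0b
EOF
}

# Constructed sample: a table after redirect-gateway def1 was applied.
vpn_table() { cat <<'EOF'
Routing tables (fib: 1)
Internet:
Destination Gateway Flags Netif Expire
0.0.0.0/1 10.8.0.1 UGS tun0
default 192.168.1.1 UGS em0
10.8.0.0/24 link#5 U tun0
128.0.0.0/1 10.8.0.1 UGS tun0
EOF
}

jail_table | egress_check   # leak epair0b
vpn_table  | egress_check   # vpn tun0
```

Running the same function on the host against `setfib -F 1 netstat -rn` and inside the jail against `netstat -rn` shows whether the two are looking at the same routes.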