jails Jail cannot access /dev/tun

Hello,

I am trying to install a WireGuard VPN in a jail but am having some trouble with the jail playing with TUN devices.
When I try to create the WireGuard interface, I get the following error:

Code:
root@vpn2:~ # wireguard-go wg0
INFO: (wg0) 2020/10/20 17:10:56 Starting wireguard-go version 0.0.20200320
ERROR: (wg0) 2020/10/20 17:10:56 Failed to create TUN device: open /dev/tun: no such file or directory

I checked with stat, same:
Code:
root@vpn2:~ # stat /dev/tun
stat: /dev/tun: stat: No such file or directory

But it works on the host:
Code:
root@x:/home/x# stat /dev/tun
1895890688 142 crw------- 1 uucp dialer 142 0 "Oct 20 19:13:49 2020" "Oct 20 19:13:49 2020" "Oct 20 19:13:49 2020" "Jan  1 00:59:59 1970" 4096 0 0 /dev/tun

Here is the jail configuration (I am using ezjail):
/usr/local/etc/ezjail/vpn2
Code:
# To specify the start up order of your ezjails, use these lines to
# create a Jail dependency tree. See rcorder(8) for more details.
#
# PROVIDE: standard_ezjail
# REQUIRE:
# BEFORE:
#

export jail_vpn2_hostname="vpn2"
export jail_vpn2_ip="192.168.1.27"
export jail_vpn2_rootdir="/usr/jails/vpn2"
export jail_vpn2_exec_start="/bin/sh /etc/rc"
export jail_vpn2_exec_stop=""
export jail_vpn2_mount_enable="YES"
export jail_vpn2_devfs_enable="YES"
export jail_vpn2_devfs_ruleset="6"
export jail_vpn2_procfs_enable="YES"
export jail_vpn2_fdescfs_enable="YES"
export jail_vpn2_image=""
export jail_vpn2_imagetype="zfs"
export jail_vpn2_attachparams=""
export jail_vpn2_attachblocking=""
export jail_vpn2_forceblocking=""
export jail_vpn2_zfs_datasets=""
export jail_vpn2_cpuset=""
export jail_vpn2_fib=""
export jail_vpn2_parentzfs="zroot/jails"
export jail_vpn2_parameters=""
export jail_vpn2_post_start_script=""
export jail_vpn2_retention_policy=""

And my /etc/devfs.rules:
Code:
#
# The following are some default rules for devfs(5) mounts.
# The format is very simple. Empty lines and lines beginning
# with a hash '#' are ignored. If the hash mark occurs anywhere
# other than the beginning of a line, it and any subsequent
# characters will be ignored.  A line in between brackets '[]'
# denotes the beginning of a ruleset. In the brackets should
# be a name for the rule and its ruleset number. Any other lines
# will be considered to be the 'action' part of a rule
# passed to the devfs(8) command. These will be passed
# "as-is" to the devfs(8) command with the exception that
# any references to other rulesets will be expanded first. These
# references must include a dollar sign '$' in front of the
# name to be expanded properly.
#
# $FreeBSD: releng/12.1/sbin/devfs/devfs.rules 338204 2018-08-22 15:55:23Z brd $
#

# Very basic and secure ruleset: Hide everything.
# Used as a basis for other rules.
#
[devfsrules_hide_all=1]
add hide

# Basic devices typically necessary.
# Requires: devfsrules_hide_all
#
[devfsrules_unhide_basic=2]
add path log unhide
add path null unhide
add path zero unhide
add path crypto unhide
add path random unhide
add path urandom unhide

# Devices typically needed to support logged-in users.
# Requires: devfsrules_hide_all
#
[devfsrules_unhide_login=3]
add path 'ptyp*' unhide
add path 'ptyq*' unhide
add path 'ptyr*' unhide
add path 'ptys*' unhide
add path 'ptyP*' unhide
add path 'ptyQ*' unhide
add path 'ptyR*' unhide
add path 'ptyS*' unhide
add path 'ptyl*' unhide
add path 'ptym*' unhide
add path 'ptyn*' unhide
add path 'ptyo*' unhide
add path 'ptyL*' unhide
add path 'ptyM*' unhide
add path 'ptyN*' unhide
add path 'ptyO*' unhide
add path 'ttyp*' unhide
add path 'ttyq*' unhide
add path 'ttyr*' unhide
add path 'ttys*' unhide
add path 'ttyP*' unhide
add path 'ttyQ*' unhide
add path 'ttyR*' unhide
add path 'ttyS*' unhide
add path 'ttyl*' unhide
add path 'ttym*' unhide
add path 'ttyn*' unhide
add path 'ttyo*' unhide
add path 'ttyL*' unhide
add path 'ttyM*' unhide
add path 'ttyN*' unhide
add path 'ttyO*' unhide
add path ptmx unhide
add path pts unhide
add path 'pts/*' unhide
add path fd unhide
add path 'fd/*' unhide
add path stdin unhide
add path stdout unhide
add path stderr unhide

# Devices usually found in a jail.
#
[devfsrules_jail=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path fuse unhide
add path zfs unhide

[devfsrules_unhide_tun=5]
#add path tun unhide
#add path tun0 unhide
#add path tun1 unhide
#add path tun2 unhide
add path 'tun*' unhide

# Rules for jail VPN
#
[devfsrules_jail_vpn=6]
add include $devfsrules_jail
add include $devfsrules_unhide_tun

Any idea of what might have gone wrong?
I am running 12.1-RELEASE-p10.
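
The include chain in the devfs.rules file above can be resolved offline to see which device nodes a given ruleset number leaves visible. The following is an added example, not part of the original post and not FreeBSD code: `parse_rules` and `visible` are hypothetical helper names, `SAMPLE_RULES` is a constructed reduction of the posted file, and Python's `fnmatch` stands in for the kernel's pattern matching. It handles only the `include`, `path ... hide/unhide` and bare `hide/unhide` actions used on this page.

```python
import fnmatch
import re

# Constructed sample: a reduced devfs.rules in the same layout as the file above.
SAMPLE_RULES = """\
[devfsrules_hide_all=1]
add hide
[devfsrules_unhide_basic=2]
add path null unhide
add path random unhide   # text after a hash is ignored
[devfsrules_jail=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
[devfsrules_unhide_tun=5]
#add path tun0 unhide
add path 'tun*' unhide
[devfsrules_jail_vpn=6]
add include $devfsrules_jail
add include $devfsrules_unhide_tun
"""

def parse_rules(text):
    """Return ({ruleset number: [action lines]}, {ruleset name: number})."""
    rulesets, names, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        header = re.fullmatch(r"\[(\w+)=(\d+)\]", line)
        if header:
            current = int(header.group(2))
            names[header.group(1)] = current
            rulesets[current] = []
        elif line and current is not None:
            rulesets[current].append(line)
    return rulesets, names

def visible(rulesets, names, number, device, state=True):
    """Apply ruleset `number` in order; the last matching hide/unhide wins."""
    for line in rulesets[number]:
        words = line.replace("'", "").split()[1:]    # drop the leading "add"
        if words[0] == "include":
            ref = words[1].lstrip("$")
            target = names[ref] if ref in names else int(ref)
            state = visible(rulesets, names, target, device, state)
        elif words[0] == "path" and len(words) == 3:
            if fnmatch.fnmatchcase(device, words[1]):
                state = words[2] == "unhide"
        elif words[0] in ("hide", "unhide"):         # unconditional rule
            state = words[0] == "unhide"
    return state
```

This evaluates the file only; the rules the kernel actually holds for a ruleset number are listed on the host with `devfs rule -s 6 show`.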
 