OpenVPN Client inside a Jail

I'm trying to run an OpenVPN client inside a jail. It fails to create the tunnel and fails with this error:

Code:
Aug 27 14:53:11 vpn openvpn[3811]: Cannot allocate TUN/TAP dev dynamically
Aug 27 14:53:11 vpn openvpn[3811]: Exiting due to fatal error

I've done the following:

Added this to /etc/devfs.rules

Code:
[devfsrules_jail_tun=10]
add path tun0 unhide

This is my /etc/jail.conf file:

Code:
# Global settings applied to all jails.
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.consolelog = "/var/log/jail_console_${name}.log";

allow.raw_sockets;
exec.clean;
mount.devfs;

# Allow shared memory (ie. Postgresql)
allow.sysvipc;

$domain = "jails.local";

host.hostname = "${name}.${domain}";
path = "/usr/local/jails/${name}";

ip4 = inherit;

.include "/etc/jail.conf.d/*.conf";

Here's the configuration file for the jail running the OpenVPN client:

Code:
vpn {
    devfs_ruleset = "10";
}

The OpenVPN config file (limited info)

Code:
client
dev tun
proto udp
remote xxxxx.xxxxxxxxx.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
verb 3
 
Make sure the if_tuntap.ko kernel module is loaded on the host; a jail is not allowed to load kernel modules.
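
Added example, not part of the thread: a host-side preflight that checks the point made in the reply (is if_tuntap.ko loaded) and, going one step beyond it, whether the jail's devfs ruleset hides the rest of /dev before unhiding tun. The function names tuntap_loaded and ruleset_report are hypothetical and the kldstat sample is constructed; the include names are the stock ones from /etc/defaults/devfs.rules.

```sh
#!/bin/sh
# Added example: host-side checks for a jail that needs a tun device.
# Both functions read text on stdin, so they run here on constructed samples;
# on a real host, pipe in `kldstat` output and /etc/devfs.rules instead.

# Succeeds if kldstat-style output lists if_tuntap.ko as a loaded file.
# (A driver compiled into the kernel has no .ko line of its own.)
tuntap_loaded() {
    awk '$NF == "if_tuntap.ko" { found = 1 } END { exit !found }'
}

# Reports, for devfs ruleset number $1, whether it starts from a hidden /dev
# (hide rule or hide_all include) and whether it unhides a tun node.
ruleset_report() {
    awk -v n="$1" '
        /^[ \t]*#/ { next }
        /^\[/      { in_rs = ($0 ~ ("=" n "\\]")); next }
        !in_rs     { next }
        /add[ \t]+hide/ || /add[ \t]+include[ \t]+\$devfsrules_hide_all/ { hide = 1 }
        /add[ \t]+path[ \t]+.*tun.*unhide/ { tun = 1 }
        END { printf "hide_all=%s tun=%s\n", (hide ? "yes" : "no"), (tun ? "yes" : "no") }'
}

# Constructed sample: kldstat output without the module loaded.
KLDSTAT_SAMPLE='Id Refs Address                Size Name
 1    5 0xffffffff80200000  1f3e2d0 kernel
 2    1 0xffffffff82319000     3218 intpm.ko'

# The ruleset exactly as posted in the thread.
RULES_POSTED='[devfsrules_jail_tun=10]
add path tun0 unhide'

# Constructed variant that hides everything first, then exposes only tun0
# on top of the stock jail includes from /etc/defaults/devfs.rules.
RULES_HIDDEN='[devfsrules_jail_tun=10]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path tun0 unhide'

if printf '%s\n' "$KLDSTAT_SAMPLE" | tuntap_loaded; then
    echo "if_tuntap.ko: loaded"
else
    echo "if_tuntap.ko: not loaded (load it on the host, not in the jail)"
fi
printf '%s\n' "$RULES_POSTED" | ruleset_report 10   # hide_all=no tun=yes
printf '%s\n' "$RULES_HIDDEN" | ruleset_report 10   # hide_all=yes tun=yes
```

A ruleset that reports hide_all=no leaves every host device node visible inside the jail, because devfs rules only hide what they are told to hide.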
 