Running OpenVPN in an ezjail jail

thegolum35

Hi,

I am dealing with building an OpenVPN server running inside a jail, an ezjail one. So I followed that thread: http://forums.freebsd.org/showthread.php?t=22143. But I got errors:
Code:
Serveur# /usr/local/etc/rc.d/ezjail start VPN
Configuring jails:.
Starting jails:devfs rule: error converting to number: [4~#
/etc/rc.d/jail: WARNING: devfs_init_rulesets: could not read rules from /etc/defaults/devfs.rules
devfs rule: error converting to number: [4~#
/etc/rc.d/jail: WARNING: devfs_init_rulesets: could not read rules from /etc/defaults/devfs.rules
/etc/rc.d/jail: WARNING: devfs_set_ruleset: you must specify a ruleset number
devfs rule: ioctl DEVFSIO_SAPPLY: No such process

Here is my devfs.rules:

Code:
# Devices usually found in a jail.
#
[devfsrules_jail=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login


# Support for TUN devices
#
[devfsrules_unhide_tun=5]
add path tun0 unhide

# Rules for jail <VPN>
#
[devfsrules_jail_VPN=6]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add include $devfsrules_unhide_tun

Is this problem caused by ezjail?

Thank you
 

mamalos

Please, post the contents of your /etc/rc.conf as well (those that are related to your jail configuration).
 

Crest

The problem is that your jail needs its own IP stack to run OpenVPN in a sane manner. This in turn requires VIMAGE support in your kernel. VIMAGE is marked as unstable for a reason, although my first tests with 9.1-RC2 look promising.
 

mamalos

Crest said:
The problem is that your jail needs its own IP stack to run OpenVPN in a sane manner. This in turn requires VIMAGE support in your kernel. VIMAGE is marked as unstable for a reason, although my first tests with 9.1-RC2 look promising.

Crest, are you sure about what you're saying? Because I've been running OpenVPN inside a jail using a config close to the one that thegolum35 is citing (my config uses tap) and it works just fine. What exactly do you mean by "sane manner"? Cause you've triggered my curiosity.
 

gkontos

@mamalos,

Yes, OpenVPN can run fine in a jail without VIMAGE. Apparently you are not the only one running it!

@thegolum35

Code:
[devfsrules_jail=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login

What exactly is the purpose of the above?
 
thegolum35

Thank you for having answered
gkontos said:
@mamalos,

Yes, OpenVPN can run fine in a jail without VIMAGE. Apparently you are not the only one running it!

@thegolum35

What exactly is the purpose of the above?

I don't know, I think ezjail added these lines in order to prevent jails from accessing devices such as hard drives.

Here is my rc.conf:

Code:
ezjail_enable="YES"
#jail_enable="YES"
#jail_VPN_ip_multi0="tun0|10.8.0.1 10.8.0.2 mtu 1500 netmask 255.255.255.255"
#jail_VPN_devfs_enable="YES"
#jail_VPN_devfs_ruleset="devfsrules_jail_VPN"

Thank you. Gollum
 

mamalos

I'll suppose that the lines you're showing in your /etc/rc.conf are not commented when you run your scripts...:)

The error you're getting happens when a /etc/devfs.rules stanza does not contain a number at its end. This is not obvious from the contents of the file you've supplied. Maybe there is some non-printable character somewhere. I'd recommend you to:

# cp /etc/defaults/devfs.rules /etc/

again, and append only the rules 5 and 6. Then try to start your jail.
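
An added example, not part of the thread or of ezjail: a small sh function that lists the lines of a devfs.rules file containing non-printable characters or a ruleset header without a number, the two causes raised in the post above. The function name, the reason labels and the sample file are constructed for illustration; the `[name=number]` header shape is taken from the rules file posted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: lint a devfs.rules file.
# Prints one "LINE:REASON" record per problem and nothing for a clean file.
# Function name and REASON labels are made up for this example.
check_devfs_rules() (
    LC_ALL=C; export LC_ALL   # byte-wise matching; the subshell keeps it local
    file=$1

    # 1. Control bytes other than TAB (ESC, CR, ...). Invisible in many
    #    editors and pagers, but still part of the line.
    tr '\t' ' ' < "$file" | grep -n '[[:cntrl:]]' | sed 's/:.*/:control-char/'

    # 2. Ruleset headers that are not exactly [name=number], the shape of
    #    every header in the rules file posted in the thread.
    grep -n '^[[:space:]]*\[' "$file" |
        grep -v '^[0-9]*:[[:space:]]*\[[A-Za-z_][A-Za-z0-9_]*=[0-9][0-9]*][[:space:]]*$' |
        sed 's/:.*/:bad-header/'
)

# Constructed sample: an ESC [ 4 ~ sequence on line 3 and a header
# without a ruleset number on line 6.
demo() {
    sample=$(mktemp) || return 1
    printf '%s\n' '[devfsrules_jail=4]' 'add include $devfsrules_hide_all' > "$sample"
    printf '\033[4~#\n' >> "$sample"
    printf '%s\n' '[devfsrules_unhide_tun=5]' 'add path tun0 unhide' \
        '[devfsrules_jail_VPN]' 'add include $devfsrules_unhide_tun' >> "$sample"
    check_devfs_rules "$sample"
    rm -f "$sample"
}

demo
```

Run it on both /etc/defaults/devfs.rules and /etc/devfs.rules; the warning in the first post names the defaults file.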
 