Running OpenVPN in an ezjail jail

Hi,

I am dealing with building an OpenVPN server running inside a jail, an ezjail one. So I followed that thread http://forums.freebsd.org/showthread.php?t=22143. But I got errors:
Code:
Serveur# /usr/local/etc/rc.d/ezjail start VPN
Configuring jails:.
Starting jails:devfs rule: error converting to number: [4~#
/etc/rc.d/jail: WARNING: devfs_init_rulesets: could not read rules from /etc/defaults/devfs.rules
devfs rule: error converting to number: [4~#
/etc/rc.d/jail: WARNING: devfs_init_rulesets: could not read rules from /etc/defaults/devfs.rules
/etc/rc.d/jail: WARNING: devfs_set_ruleset: you must specify a ruleset number
devfs rule: ioctl DEVFSIO_SAPPLY: No such process

Here is my devfs.rules:

Code:
# Devices usually found in a jail.
#
[devfsrules_jail=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login


# Support for TUN devices
#
[devfsrules_unhide_tun=5]
add path tun0 unhide

# Rules for jail <VPN>
#
[devfsrules_jail_VPN=6]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add include $devfsrules_unhide_tun

Is this problem caused by ezjail?

Thank you
 
The problem is that your jail needs its own IP stack to run OpenVPN in a sane manner. This in turn requires VIMAGE support in your kernel. VIMAGE is marked as unstable for a reason although my first tests with 9.1-RC2 look promising.
 
Crest said:
The problem is that your jail needs its own IP stack to run OpenVPN in a sane manner. This in turn requires VIMAGE support in your kernel. VIMAGE is marked as unstable for a reason although my first tests with 9.1-RC2 look promising.

Crest, are you sure about what you're saying? Because I've been running OpenVPN inside a jail using a config close to the one that thegolum35 is citing (my config uses tap) and it works just fine. What exactly do you mean by "sane manner"? Cause you've triggered my curiosity.
 
@mamalos,

Yes, OpenVPN can run fine in a jail without VIMAGE. Apparently you are not the only one running it!

@thegolum35

Code:
[devfsrules_jail=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login

What exactly is the purpose of the above?
 
Thank you for having answered
gkontos said:
@mamalos,

Yes, OpenVPN can run fine in a jail without VIMAGE. Apparently you are not the only one running it!

@thegolum35

What exactly is the purpose of the above?

I don't know, I think ezjail added these lines in order to keep jails from accessing devices such as hard drives.

Here is my rc.conf:
ezjail_enable="YES"
#jail_enable="YES"
#jail_VPN_ip_multi0="tun0|10.8.0.1 10.8.0.2 mtu 1500 netmask 255.255.255.255"
#jail_VPN_devfs_enable="YES"
#jail_VPN_devfs_ruleset="devfsrules_jail_VPN"

Thank you. Gollum
 
I'll suppose that the lines you're showing in your /etc/rc.conf are not commented when you run your scripts...:)

The error you're getting happens when a /etc/devfs.rules stanza does not contain a number at its end. This is not obvious from the contents of the file you've supplied. Maybe there is some non-printable character somewhere. I'd recommend you to:

# cp /etc/defaults/devfs.rules /etc/

again, and append only the rules 5 and 6. Then try to start your jail.
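
The two causes suggested in the reply above (a stray non-printable character, or a ruleset header without a number) can be checked mechanically. The following is an added example, not code from the thread or from FreeBSD; the function name `check_devfs_rules` and the sample file are made up for illustration, and the `[name=number]` header form is assumed from the file shown in the first post.

```shell
#!/bin/sh
# Added example (not from the thread): lint a devfs.rules file for stray
# non-printable bytes and for ruleset headers that lack a number.

# Prints one finding per line; returns 1 if anything was found, else 0.
check_devfs_rules() {
    file=$1
    found=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # Delete tab and printable ASCII; whatever remains is a control
        # byte (ESC from a terminal key sequence, CR, ...) or non-ASCII.
        stray=$(printf '%s' "$line" | LC_ALL=C tr -d '\11\40-\176')
        if [ -n "$stray" ]; then
            echo "$file:$lineno: non-printable byte(s) in line"
            found=1
            continue
        fi
        # Assumed header form, taken from the file in the post: [name=number]
        case $line in
            \[*)
                if ! printf '%s\n' "$line" |
                    grep -Eq '^\[[A-Za-z_][A-Za-z0-9_]*=[0-9]+\][[:space:]]*$'; then
                    echo "$file:$lineno: bad ruleset header: $line"
                    found=1
                fi ;;
        esac
    done < "$file"
    return "$found"
}

# Constructed sample: line 1 carries a terminal key escape sequence
# (ESC [ 4 ~) in front of the comment marker, consistent with the "[4~#"
# in the error output; line 4 is a header with no number.
sample=$(mktemp)
printf '\033[4~# Devices usually found in a jail.\n' > "$sample"
printf '[devfsrules_unhide_tun=5]\nadd path tun0 unhide\n' >> "$sample"
printf '[devfsrules_jail_VPN]\nadd include $devfsrules_unhide_tun\n' >> "$sample"
check_devfs_rules "$sample" || echo "fix the lines listed above"
rm -f "$sample"
```

Since the warnings in the first post name `/etc/defaults/devfs.rules`, that file is worth checking as well as `/etc/devfs.rules`.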
 