Running OpenVPN in a jail inside the LAN

dvl@


#1
At present, I'm running OpenVPN on my gateway (FreeBSD 9.1). I want to move the OpenVPN server to a jail running on a host inside the LAN.

I've managed to get OpenVPN running in that jail, but I see two problems, for which I have no solution.

  1. tun0 is destroyed when OpenVPN restarts. tun0 must be reset from within the jail host.
  2. The route for tun0 must be set, and reset on each OpenVPN restart, in the jail host.

I'm hoping I can find a solution, perhaps using /etc/devfs.rules in the jail host, which will allow this to be done all within the jail.
 

junovitch@


#2
I have not found a solution to restarting OpenVPN within the jail. But with these two options in my /usr/local/etc/ezjail/vpn configuration it at least starts it properly. Restarting the service means I have to restart the whole jail since it drops the IP when the OpenVPN service closes.
Code:
export jail_vpn_ip_multi0="tun0|10.100.103.1 10.100.103.2 netmask 255.255.255.255"
export jail_vpn_exec_prestart0="/sbin/route add -net 10.100.103.0/24 10.100.103.2"
 
dvl@


#5
I do plan to get back to this goal in the coming weeks. I've been distracted...
 