Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 05 Jan 2007 15:28:40 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        "Marc G. Fournier" <scrappy@freebsd.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: VPN server to run in FreeBSD jail ...
Message-ID:  <459E6EA8.5040007@infracaninophile.co.uk>
In-Reply-To: <F8C793298BBF8EFB515FE77D@ganymede.hub.org>
References:  <F8C793298BBF8EFB515FE77D@ganymede.hub.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig976476CB07B125263EDBA7C6
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable

Marc G. Fournier wrote:

> Does anyone know of any software that would allow a client attach a VPN=
 *to* a
> process running within a FreeBSD jail from a Windows machine?

I believe you can sort-of do this with a certain amount of packet
redirection and firewall trickery, but it isn't very easy and you won't
be able to control anything to do with the VPN from within the jail.=20
Essentially you do the old trick of creating the jail using an alias
address on the loopback, then add redirection rules in the firewall to
forward traffic to it.  If you need to create tap, tun of gif interfaces
to run the VPN software then that has to be done *outside* the jail, as
there's no simple way of making those interfaces visible inside it.

It doesn't help now, but there is work underway to make the whole
network stack clonable under FreeBSD -- meaning each jail gets the
ability to have as many IP numbers as it wants, and to have a separate
firewall from the host system and do all the other networking tricks
you can think of.

    http://www.tel.fer.hr/zec/papers/zec-03.pdf

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW


--------------enig976476CB07B125263EDBA7C6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.1 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFnm6v8Mjk52CukIwRCDPCAJ9eb0lCKLVrHjdJV1wy4Vkkh8jTugCdGahW
Iqo+QBgEcHzEjHtM0uOuWVw=
=fcuN
-----END PGP SIGNATURE-----

--------------enig976476CB07B125263EDBA7C6--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?459E6EA8.5040007>