From owner-freebsd-questions@freebsd.org  Mon Feb  4 12:07:08 2019
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D141F14CE111
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Mon,  4 Feb 2019 12:07:07 +0000 (UTC) (envelope-from nvass@gmx.com)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 5FBC183E24
 for <freebsd-questions@freebsd.org>; Mon,  4 Feb 2019 12:07:06 +0000 (UTC)
 (envelope-from nvass@gmx.com)
Received: from moby.local ([5.144.202.211]) by mail.gmx.com (mrgmx101
 [212.227.17.174]) with ESMTPSA (Nemesis) id 0Lv9lm-1hHkVA0StW-010IrL; Mon, 04
 Feb 2019 13:01:50 +0100
Subject: Re: ipsec+gre: no luck accessing a jail
To: Maxim Filimonov <che@bein.link>, Ernie Luzar <luzar722@gmail.com>
Cc: freebsd-questions@freebsd.org
References: <a7443085f703fe099114bc86e7ddb60b@bein.link>
 <5C573C85.1080101@gmail.com> <6ECEFDEA-2A77-432E-88E4-8123356C2362@bein.link>
From: Nikos Vassiliadis <nvass@gmx.com>
Message-ID: <c09ef65e-cf72-705a-3f8e-7a5685f9b519@gmx.com>
Date: Mon, 4 Feb 2019 14:01:47 +0200
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101
 Thunderbird/60.4.0
MIME-Version: 1.0
In-Reply-To: <6ECEFDEA-2A77-432E-88E4-8123356C2362@bein.link>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K1:HdVMrhzGEEddUuyItdaG2L3YYc0iib338yHsvcZimJJ+1vM65xE
 eF0NP936WF0Jf1vdIBaLSUrAfhSl+/agxC0xMkVAKW5i+INmkMeXLyTUEXFyrg68YKJmAXe
 QFo+oDGMmUEB66DJ9r2SxLvISLO471R79iwx+nzIH6kDXf6/sbwhB/aQgjLbFv3H3Nn1dEC
 5euSS/k5HN2BhcXxQl1/w==
X-Spam-Flag: NO
X-UI-Out-Filterresults: notjunk:1;V03:K0:eZnfvpZvBx4=:yixdDTWKcsAdA+FRqLHjWL
 72wv3qVlI9C9OxmlGHnrxt4tBVhfBHLRZytfoqM52Z//s836a4GKEbkVaNJUHsqYm17y0/aNN
 mP6fxLCBAVLllqtV/nNhsPY4OpzXa1dG1etS156vYjUNUcuoLT0T2u18oypgn0HUKJ3tE75xd
 r8qtDmT/A5H3awXKcLyyi6kJ62QeTq5Z4lWHO8rFBmJMQlWAEFfmNtgbQvYF4p755cLFAexd7
 Wor6bI+UQ320I59xmI9bIzAUBfosLgMAj2ByRx+t7WnKKvBzjNwYHcWJ+I6/io10SD4Qa4pE9
 50GdBt/8YW2niiXExz8dl5qmfijX/pTW4ohKDAdB2H/xvuo4ZxBBhmrPeRzQ7wOiaTjuesz+a
 YcrssYbKKUKYWNT7t/rp1pXdve3H2+q1M6w5KYZzOZdfTxtbC+w9Sn6DDKs+MwJbEt+oRjJC3
 r+Unk8JQwNIsxh23y0w0TyTjy2JgiYZncCfjo5cjeckNurTfhTPpSivc03BvLDh3dej4zgRqf
 Akwmi4o2uYgIcBa5FQsSWtv95SeX5xkr9G3hR4BnCPagiR/Rv33lVFcpZULtb/Q4HTDxtoIvW
 7z8Apshs3FIe49W5q6rcfnmkHsCNJUyNyy9V7EUA+t829pBscM404UtDIlAjUSvu/IUdTzeIA
 b3Q/0STX2rUSkADjwkk4nE5fkexNV7JK4uIzos9YFhdlCeHf9PQJ4IpQqkm/FtW/yUxrmoqus
 eIEpmjowmVMOA/pziAGeLUVbehtDqUkhFaal+1QOtPEY8QT8ZqPb39iSzZ/+aI62D80MyNHOJ
 HhSLPV8Knnu7/JWNu8tIoO2Qboop/PnsF8QluQxUIqSANN+OEsiR52snNKnHVS5OM91hXOI5T
 LW8E2QnlnMlvmL9OVU764V9bOA0mwciEM11wEAMDq489rGrKaDmC2Edz7GP1ni
X-Rspamd-Queue-Id: 5FBC183E24
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
 spf=pass (mx1.freebsd.org: domain of nvass@gmx.com designates 212.227.17.21 as
 permitted sender) smtp.mailfrom=nvass@gmx.com
X-Spamd-Result: default: False [-2.99 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_TWO(0.00)[2];
 RECEIVED_SPAMHAUS_PBL(0.00)[211.202.144.5.zen.spamhaus.org : 127.0.0.11];
 FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3];
 R_SPF_ALLOW(-0.20)[+ip4:212.227.17.0/27];
 FREEMAIL_FROM(0.00)[gmx.com]; MIME_GOOD(-0.10)[text/plain];
 MIME_TRACE(0.00)[0:+]; DMARC_NA(0.00)[gmx.com];
 TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 MX_GOOD(-0.01)[mx00.gmx.net,mx01.gmx.net];
 NEURAL_HAM_SHORT(-0.13)[-0.132,0];
 NEURAL_HAM_MEDIUM(-0.99)[-0.991,0];
 IP_SCORE(-0.45)[ip: (-3.54), ipnet: 212.227.0.0/16(-0.78), asn: 8560(2.06),
 country: DE(-0.01)]; 
 RCVD_IN_DNSWL_LOW(-0.10)[21.17.227.212.list.dnswl.org : 127.0.3.1];
 R_DKIM_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmx.com];
 ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE];
 MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[];
 FROM_EQ_ENVFROM(0.00)[]
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Feb 2019 12:07:08 -0000



On 2/3/19 9:53 PM, Maxim Filimonov wrote:
> If I'm not using GRE or anything, the jail is accessible via the host's hostname/IP address.
> If I'm using GRE, but not IPSEC, it's available as well.
> If I'm using both, it's still accessible via its ip address, but not through the host's hostname.

But if using both without DNS and hostnames *is* ok, would't that make
it a different problem? that lies probably within nginx or DNS?

> 
> It's FreeBSD 11.2-RELEASE with the latest patches.
> 
> If I'm not looking at the host nginx, everything else works like a charm.

Exactly.