From owner-freebsd-jail@freebsd.org Wed Nov 29 11:22:28 2017 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3656AE4F7D6 for ; Wed, 29 Nov 2017 11:22:28 +0000 (UTC) (envelope-from matthias@harz.de) Received: from server1.xenet.de (server1.xenet.de [213.221.94.201]) by mx1.freebsd.org (Postfix) with ESMTP id B202A700E6 for ; Wed, 29 Nov 2017 11:22:27 +0000 (UTC) (envelope-from matthias@harz.de) Received: from [10.0.0.68] (xenet.gate.xenet.de [213.221.94.32]) (authenticated bits=0) by server1.xenet.de (8.12.5/8.12.5) with ESMTP id vATBG5fs001199 for ; Wed, 29 Nov 2017 12:16:05 +0100 (CET) (envelope-from matthias@harz.de) To: freebsd-jail@FreeBSD.org From: Matthias Meyser Subject: IPSEC in VNET Jails Message-ID: Date: Wed, 29 Nov 2017 12:16:08 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Nov 2017 11:22:28 -0000 Hi i use a IPSEC Tunnel inside a VNET jail without problems. Annoyingly /etc/rc.d/ipsec dos not run in VNET jails. This is fixed in head see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211364 This is NOT MFCed to stable/11 because the author isn't convinced that VNET jails are "is sufficiently robust in stable/11 to encourage people to use it" As this fix only makes a difference if you 1) Have compiled a Kernel WITH VIMAGE support 2) Setup and configured a VNET jail. 3) Setup IPSEC inside the VNET jail. i think this should be MFCed. -- Matthias Meyser 38678 Clausthal-Zellerfeld, Marktstrasse 40 Telefon: +49 5323 9839910 Fax: +49 5323 9839917