From owner-freebsd-questions@FreeBSD.ORG Thu Jan 4 11:52:39 2007
From: Nikos Vassiliadis
To: freebsd-questions@freebsd.org
Cc: Andras GELANYI
Date: Thu, 4 Jan 2007 13:54:22 +0200
Subject: Re: vpn client (pptp) inside a jail
Message-Id: <200701041354.22967.nvass@teledomenet.gr>
In-Reply-To: <459C481E.4020206@gelanyi.hu>
References: <459C481E.4020206@gelanyi.hu>

On Thursday 04 January 2007 02:19, Andras GELANYI wrote:
> Hi,
>
> In a case when a pptp client is running a jail would be great. But in my
> opinion it is not possible because of the lack of special interfaces and
> facilities (eg. GRE) in jails.

You want to initiate the tunnel from within the jail?
I think that's not possible not only for pptp, but for all
interface types inside a jail (perhaps I am wrong, have no
jail experience, but I think that's an essential jail
feature (not able to mess up with network interfaces)).

> Anyway. Could someone tell me whether it is possible or not?
> Does anyone know a solution for assigning a jail to a trusted network
> through a tunnel without any influence on the base system's networking?

I can use my pptp address from within a jail, of course the
tunnel is already up and visible to the base system.

You can also get the "secondary IP address effect" for your jail
using a loopback interface. For example:

ng0 1.2.3.4 <-> 5.6.7.8
lo1 9.10.11.12

9.10.11.12 would also be your jail address, totally unrelated
to the tunnel.

I am not sure what you are looking for. Perhaps you should
explain a bit further.

Nikos