From owner-freebsd-questions@FreeBSD.ORG  Thu Jan  4 11:52:39 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id A8BF616A415
	for <freebsd-questions@freebsd.org>;
	Thu,  4 Jan 2007 11:52:39 +0000 (UTC)
	(envelope-from nvass@teledomenet.gr)
Received: from arwen.teledomenet.gr (arwen.teledomenet.gr [213.142.128.58])
	by mx1.freebsd.org (Postfix) with ESMTP id 42FCE13C46A
	for <freebsd-questions@freebsd.org>;
	Thu,  4 Jan 2007 11:52:37 +0000 (UTC)
	(envelope-from nvass@teledomenet.gr)
Received: from iris ([192.168.1.71])
	by arwen.teledomenet.gr (8.12.10/8.12.10) with ESMTP id l04Bqam1021133; 
	Thu, 4 Jan 2007 13:52:36 +0200
From: Nikos Vassiliadis <nvass@teledomenet.gr>
To: freebsd-questions@freebsd.org
Date: Thu, 4 Jan 2007 13:54:22 +0200
User-Agent: KMail/1.9.1
References: <459C481E.4020206@gelanyi.hu>
In-Reply-To: <459C481E.4020206@gelanyi.hu>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-7"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200701041354.22967.nvass@teledomenet.gr>
Cc: Andras GELANYI <andras@gelanyi.hu>
Subject: Re: vpn client (pptp) inside a jail
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jan 2007 11:52:39 -0000

On Thursday 04 January 2007 02:19, Andras GELANYI wrote:
> Hi,
> 
> In a case when a pptp client is running a jail would be great. But in my 
> opinion it is not possible because of the lack of special interfaces and 
> facilities (eg. GRE) in jails.

You want to initiate the tunnel from within the jail? I think that's
not possible not only for pptp, but for all interface types inside a
jail(perhaps I am wrong, have no jail experience, but I think that's
an essential jail feature(not able to mess up with network interfaces)).

> Anyway. Could someone tell me whether it is possible or not?
> Does anyone know a solution for assigning a jail to a trusted network 
> through a tunnel without any influence on the base system's networking?

I can use my pptp address from within a jail, of course the tunnel is already
up and visible to the base system. You can also get the "secondary IP address
effect" for your jail using a loopback interface. For example:
ng0 1.2.3.4 <-> 5.6.7.8
lo1 9.10.11.12
9.10.11.12 would also be your jail address, totally unrelated to the tunnel.

I am not sure what you are looking for. Perhaps
you should explain a bit further. Nikos