From: James Lodge
To: "freebsd-jail@freebsd.org"
Subject: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface
Date: Fri, 23 Oct 2015 15:37:56 +0000
List-Id: "Discussion about FreeBSD jail(8)"

Hello all,

I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run OpenVPN. I'm not using vimage and don't particularly want to but I'm having an issue with networking.

OpenVPN daemon is up and running and I can connect successfully as a client. I receive an IP address as expected, but I cannot route traffic to/from client/server. The routing table on the client (which is a Windows machine) looks fine so I assume the issue is on the server side. I have a tun interface created on the host and exposed to the jail via devfs rules. The IP address on the tun interface is configured on the host and not from the jail. I can ping the tun interface IP from the host and the jail, but not from the client when connected.

Client---------public IP --------- lo1 (Jail alias Interface)------tun0 (OpenVPN Interface)
10.8.06        x.x.x.x             172.16.1.8                      10.8.0.1

OpenVPN Jail Routing Table:

Internet:
Destination        Gateway            Flags      Netif Expire
172.16.1.8         link#4             UH         lo1

Jail Host Routing Table:

Internet:
Destination        Gateway            Flags      Netif Expire
default            x.x.0.1            UGS        vtnet0
10.8.0.0           10.8.0.2           UGS        tun0
10.8.0.1           link#5             UHS        lo0
10.8.0.2           link#5             UH         tun0
x.x.0.0/18         link#1             U          vtnet0
x.x.x.x            link#1             UHS        lo0
localhost          link#3             UH         lo0
172.16.1.1         link#4             UH         lo1
172.16.1.2         link#4             UH         lo1
172.16.1.3         link#4             UH         lo1
172.16.1.4         link#4             UH         lo1
172.16.1.5         link#4             UH         lo1
172.16.1.6         link#4             UH         lo1
172.16.1.7         link#4             UH         lo1
172.16.1.8         link#4             UH         lo1

Client Routing Table:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.8.0.5        10.8.0.6      20
         10.8.0.1  255.255.255.255         10.8.0.5        10.8.0.6      20
         10.8.0.4  255.255.255.252          On-link        10.8.0.6     276
         10.8.0.6  255.255.255.255          On-link        10.8.0.6     276
         10.8.0.7  255.255.255.255          On-link        10.8.0.6     276

I'm a little stumped as to how to troubleshoot the issue so any help much appreciated.

James