Date: Fri, 21 Oct 2011 13:02:40 +1100
From: Morgan Reed <morgan.s.reed@gmail.com>
To: freebsd-stable@freebsd.org
Subject: Accessing tun devices from inside a Jail
Message-ID: <CAKnh_YvwLXZarqUKjW_dT_S1h9frA=KspxMqy%2BOR36yuSv8rXg@mail.gmail.com>

Hi all,

I'm currently attempting to set up, I suppose you'd call it a multi-VPN-tunnel gateway. Basically I have several OpenVPN Servers in different locations, I want to have various tunnels up to them and be able to choose an exit by way of pointing my browser at a particular instance of Squid running in a particular jail which routes via a particular tunnel (HTTP/S traffic is the primary concern at this point, though I might want to extend the concept to all traffic in future).

First issue I ran into was routing tables, that was resolved by recompiling my kernel with option ROUTETABLES=10 and pointing each of my jails to their own FIB, however as it's not possible to configure route tables from inside the jail (as far as I'm aware anyway) I need to bring the OpenVPN tunnel up from the host and utilise a route-up script to configure the routing table for the jail (utilising setfib). I run into problems though, as even though the tun device is visible in the jail it does not appear to be configured (no IP addresses, etc.) so the jail is unable to route traffic.

All the stuff I've been able to find online has been geared to static addresses on each end of the tunnel, this is not the case with my VPN provider, tunnel addresses are dynamically assigned.

I think that worst case I can probably use pf on the host to route traffic from a given jail via a particular interface or possibly cobble something up around VIMAGE, but I think I'd rather not have to go down those paths.

I'm not sure if what I'm looking for is actually possible, any suggestions would be much appreciated.

Thanks,

Morgan
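
The host-side route-up hook described in the message above, sketched as an added example that is not part of the original e-mail: it takes the dynamically assigned gateway from OpenVPN's environment and installs it as the default route in one jail's FIB with setfib. The tun-to-FIB mapping and the DRY_RUN switch are assumptions, and only IPv4 gateways are handled.

```shell
#!/bin/sh
# Added example: OpenVPN route-up hook for the jail host (FreeBSD).
# OpenVPN exports $script_type, $dev and $route_vpn_gateway to the hook.
# Assumed, not from the message: the tun-to-FIB map and the DRY_RUN switch.

MAX_FIB=9   # a kernel built with ROUTETABLES=10 has FIBs 0..9

# Hypothetical map: tunnel device -> FIB used by the jail that exits there.
fib_for_dev() {
    case "$1" in
        tun0) echo 1 ;;
        tun1) echo 2 ;;
        *)    return 1 ;;
    esac
}

# Accept only a dotted-quad IPv4 address (the value is server-supplied).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# With DRY_RUN set, print the command instead of running it.
run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

# Point the FIB's default route at the gateway OpenVPN was assigned.
install_default() {
    fib=$(fib_for_dev "$1") || { echo "no FIB mapped to $1" >&2; return 1; }
    [ "$fib" -ge 1 ] && [ "$fib" -le "$MAX_FIB" ] || return 1
    valid_ipv4 "$2" || { echo "rejecting gateway '$2'" >&2; return 1; }
    run setfib "$fib" route -q delete default || true   # may not exist yet
    run setfib "$fib" route -q add default "$2"
}

# Only act when OpenVPN calls this as its route-up script.
if [ "${script_type:-}" = "route-up" ]; then
    install_default "$dev" "$route_vpn_gateway"
fi
```

OpenVPN calls the hook when the client configuration names it with `route-up` and permits scripts with `script-security 2`. Running it by hand with DRY_RUN=1 prints the setfib commands without touching any routing table.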