From owner-freebsd-questions@FreeBSD.ORG Mon Dec 5 23:02:56 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3ACF9106566B for ; Mon, 5 Dec 2011 23:02:56 +0000 (UTC) (envelope-from Devin.Teske@fisglobal.com) Received: from mx1.fisglobal.com (mx1.fisglobal.com [199.200.24.190]) by mx1.freebsd.org (Postfix) with ESMTP id 0580B8FC14 for ; Mon, 5 Dec 2011 23:02:55 +0000 (UTC) Received: from pps.filterd (ltcfislmsgpa05 [127.0.0.1]) by ltcfislmsgpa05.fnfis.com (8.14.4/8.14.4) with SMTP id pB5MQPIG017546; Mon, 5 Dec 2011 16:33:12 -0600 Received: from smtp.fisglobal.com ([10.132.206.17]) by ltcfislmsgpa05.fnfis.com with ESMTP id 11h5p007sg-1 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Mon, 05 Dec 2011 16:33:12 -0600 Received: from [10.64.200.249] (10.14.152.56) by smtp.fisglobal.com (10.132.206.17) with Microsoft SMTP Server (TLS) id 14.1.323.3; Mon, 5 Dec 2011 16:33:05 -0600 References: From: Devin Teske Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="us-ascii" In-Reply-To: Message-ID: <5E7F61A5-DDC9-463B-85CC-834C5DADC125@fisglobal.com> Date: Sun, 4 Dec 2011 08:54:45 -0800 To: Alejandro Imass MIME-Version: 1.0 (iPhone Mail 8C148) X-Mailer: iPhone Mail (8C148) X-Originating-IP: [10.14.152.56] X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.5.7110, 1.0.211, 0.0.0000 definitions=2011-12-05_04:2011-12-05, 2011-12-05, 1970-01-01 signatures=0 Cc: FreeBSD Questions Subject: * Re: IPSec in Jail X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Dec 2011 23:02:56 -0000 On Dec 3, 2011, at 4:42 PM, Alejandro Imass wrote: > Hello, >=20 > I was following a thread in FBSD Spanish talking about the use of > IPSec in Jails and there was no conclusion to the matter. I have a > client that wants to run a VPN which requires IPSec and he is running > on some jails we provide them. We can provide them with a public IP > for the jail but I'm not sure if this will work. >=20 > I understand from the thread that recompiling the kernel with VIMAGE > enabled should allow the use of IPSec in the jails but apparently > until 8.0 this was experimental. This particular server uses 8.2 so I > would like to know if anyone here has done this and how stable it is? > Would enabling VIMAGE for the base kernel compromise the system and > other clients running on other jails in the same server? We're using 8.1 + VIMAGE and using openvpn, ipfw, and IPSec within jail suc= cessfully. No stability issues with other jails (so far), but then again only been run= ning that setup (with IPSec/openvpn in a vimage) for a few weeks now. But, = so far so good! --=20 Devin >=20 > Thanks beforehand for any valuable comments! >=20 > --=20 > Alejandro Imass > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" _____________ The information contained in this message is proprietary and/or confidentia= l. If you are not the intended recipient, please: (i) delete the message an= d all copies; (ii) do not disclose, distribute or use the message in any ma= nner; and (iii) notify the sender immediately. In addition, please be aware= that any message addressed to our domain is subject to archiving and revie= w by persons other than the intended recipient. Thank you.