From: Oliver Fromme
To: freebsd-stable@FreeBSD.ORG
Date: Wed, 8 Feb 2006 14:21:51 +0100 (CET)
Subject: Re: OpenVPN within a Jail under 6.x ...

Marc G. Fournier wrote:
> Is this possible? I'm reading through the man pages for openvpn, and
> doubt that it is with 4.x, since it requires access to /dev, but with 6.x
> using devfs to mount dev into the jail, is it possible to set it up?

The problem isn't related to /dev. It doesn't matter whether your
device nodes come from devfs (FreeBSD 6) or have been created
manually with MAKEDEV (FreeBSD 4), both of which can be used for
jails.

The problem is that you need to configure interfaces (tun(4) or
tap(4)) to set up the VPN, but ifconfig(8) does not work inside a
jail.

That means you cannot set up a VPN inside a jail. However, you can
_use_ it within a jail, of course, if you assign the IP of the VPN
connection to the jail (or arrange to forward packets to the jail
with IPFW FWD or whatever).

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

Passwords are like underwear. You don't share them, you don't hang
them on your monitor or under your keyboard, you don't email them,
or put them on a web site, and you must change them very often.