Date: Wed, 8 Feb 2006 17:43:19 +0100 (CET)
From: Oliver Fromme <olli@lurza.secnetix.de>
To: freebsd-stable@FreeBSD.ORG
Subject: Re: OpenVPN within a Jail under 6.x ...
Message-ID: <200602081643.k18GhJNg069698@lurza.secnetix.de>
In-Reply-To: <20060208121704.L3207@ganymede.hub.org>

Marc G. Fournier wrote:
 > Oliver Fromme wrote:
 > > The problem is that you need to configure interfaces
 > > (tun(4) or tap(4)) to set up the VPN, but ifconfig(8)
 > > does not work inside a jail.  That means you cannot
 > > set up a VPN inside a jail.  However, you can _use_
 > > it within a jail, of course, if you assign the IP of
 > > the VPN connection to the jail
 >
 > 'k, how would you do that?  I thought you could only assign one IP to a
 > jail, both in 4.x and 6.x?

True.  I meant that the IP of the VPN connection is the
only IP of the jail.

Or, if you can't do that, forward the packets into the
jail using IPFW FWD rules and NAT.  In that case, the jail
doesn't need to have the VPN connection's IP.  In fact,
you can set the IP of the jail to a localnet IP (such as
127.0.1.1), which isn't routable and isn't accessible from
the outside at all.  That's often done to improve security.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

(On the statement print "42 monkeys" + "1 snake":)  By the way,
both perl and Python get this wrong.  Perl gives 43 and Python
gives "42 monkeys1 snake", when the answer is clearly "41 monkeys
and 1 fat snake".        -- Jim Fulton