From owner-freebsd-questions@FreeBSD.ORG  Sun Feb 16 15:41:01 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 33093AF
 for <freebsd-questions@freebsd.org>; Sun, 16 Feb 2014 15:41:01 +0000 (UTC)
Received: from mail-oa0-x234.google.com (mail-oa0-x234.google.com
 [IPv6:2607:f8b0:4003:c02::234])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id F0AFE1752
 for <freebsd-questions@freebsd.org>; Sun, 16 Feb 2014 15:41:00 +0000 (UTC)
Received: by mail-oa0-f52.google.com with SMTP id i4so16321328oah.25
 for <freebsd-questions@freebsd.org>; Sun, 16 Feb 2014 07:40:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:date:message-id:subject:from:to:content-type;
 bh=Y/8wMVscbN16ps4S6TrHsXW9VPKg+PXI0aCWjP6n2jo=;
 b=ywt/l3L1BuM5G7JEA7LZEeUec7JQGZonRUephsV5qOMgpQKTa3QaLceJM9Ucwk5Rlw
 HY+elk449J0yK7Ad/VMLuzIuDp0iVf7+0XJA6kiPf7RBr+RB0kLd7XWb6LlIRyDC6qJL
 8VrN2LVUjvbiKnrCMHggSmIr8ip9lXrITYvIShpK/wDmJEzjsYp8C6sEDJeqSmxdSA5s
 a/3ekfBpoREhjS2v1VnG+rW982sOZePVIOjEQKJwfcUK5XwFui9tvpeYRYq4w3FNnGYl
 46NChgBnRPL5NKaD6K+jfo8o7hZA4do1p44BHkSNpNUYGRpnifykkYY9mRcV1gaZsppp
 MJDQ==
MIME-Version: 1.0
X-Received: by 10.60.231.194 with SMTP id ti2mr2001983oec.41.1392565259675;
 Sun, 16 Feb 2014 07:40:59 -0800 (PST)
Received: by 10.60.23.33 with HTTP; Sun, 16 Feb 2014 07:40:59 -0800 (PST)
Date: Sun, 16 Feb 2014 10:40:59 -0500
Message-ID: <CADfK3RV=FdbNEW-8AdKdS7+CWs=Fk=j3J=JKoyoyZZ9-TYC+8w@mail.gmail.com>
Subject: Services running OpenVPN on a Jail
From: Stephen R Guglielmo <srguglielmo@gmail.com>
To: freebsd-questions@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.17
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Feb 2014 15:41:01 -0000

Hi guys,

I use OpenVPN to get an IP address that my mail/web/etc daemons listen on.
Right now, everything runs without a jail. I want to start jailing services.

OpenVPN runs on the host and provides the IP address via tap0. Would I be
unable to jail, say, my httpd, because, from the jail, it would not be able
to access tap0 on the host? There's multiple services that listen on that
tap0 IP, and it would be pointless to jail them all together.

Thanks!
-srg