https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266999
--- Comment #3 from Seyed Pouria Mousavizadeh Tehrani
<p.mousaviza...@protonmail.com> ---
I have two net/ocserv applications in separate jails and give them unhide
access to the "/dev/tun*" with devfs. The ocserv will use the /dev/tun special
control device file to create tun interfaces and then rename it to the one
listed in ocserv.conf ("device = vpns" by default). The default with "vpns" was
not working, so I changed the configuration to the "device = tun" and it
worked.
I also need openvpn-client on my host in another FIB, and to make things more
predictable (actually for PF), I used two cloned tun interfaces (tun257,
tun258) in "rc.conf". Finally, I allocated them via my openvpn-client
configurations.
Note 1: I used same devfs rule for both jails. I want it to be separate for a
clean configuration, but when I separate the devfs rules, the jail that uses a
lower number in my rules will not see the "/dev/tun" special control note.
https://forums.freebsd.org/threads/ocserv-in-jail-cannot-open-dev-tun.86627/
Note 2: openvpn-client is not in jail, but last night due to multiple crashes
of the entire system, I created an openvpn-server in another jail concurrent to
the ocserv jails, which is doing tun allocation dynamically in their VNET.
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
