Sorry for the obvious, but this does mean that you need to install tun/tap in the global zone ... which I guess is the reason you're getting the permission problems.
Jon On Mon, 21 Jan 2019 at 09:33, Jonathan Adams <t12nsloo...@gmail.com> wrote: > root@moysalsrv:~# zonecfg -z vpnzone info > zonename: vpnzone > zonepath: /zones/vpnzone > brand: ipkg > autoboot: true > bootargs: > pool: > limitpriv: default > scheduling-class: > ip-type: exclusive > hostid: > fs-allowed: > net: > address not specified > allowed-address not specified > physical: vpninternal0 > defrouter not specified > net: > address not specified > allowed-address not specified > physical: vpnvnic0 > defrouter not specified > device: > match: /dev/lockstat > device: > match: /dev/tun* > > ... > > this is for a "client" rather than for a "server", but hopefully this will > give you some mileage. > > Jon > > On Mon, 21 Jan 2019 at 08:30, Jonathan Adams <t12nsloo...@gmail.com> > wrote: > >> I know in the past that I had to pass through specific dev interfaces. >> I'll take a look when I get to work, as I think we still have one box set >> up that way. >> Jon >> >> On Mon, 21 Jan 2019 07:46 Alexander Pyhalov via oi-dev < >> oi-dev@openindiana.org wrote: >> >>> Hi. >>> I suppose some of the privileges mentioned in >>> /lib/svc/manifest/network/openvpn.xml are not available in zone (look at >>> method_credential section). >>> >>> С уважением, >>> Александр Пыхалов, >>> программист отдела телекоммуникационной инфраструктуры >>> управления информационно-коммуникационной инфраструктуры ЮФУ >>> >>> >>> ________________________________________ >>> От: Sven Schmeling <sven.schmel...@schmeling-ol.de> >>> Отправлено: 18 января 2019 г. 23:36:17 >>> Кому: OpenIndiana Developer mailing >>> Тема: [oi-dev] OpenVPN in a local zone >>> >>> Hello, >>> >>> i have installed OpenVPN in a local zone. >>> >>> Starting the service with "svcadm enable svc:/network/openvpn:default" >>> (or rebooting the zone) ends in the maintenance mode: >>> >>> # svcs openvpn >>> STATE STIME FMRI >>> maintenance 19:46:37 svc:/network/openvpn:default >>> >>> cat /var/svc/log/network-openvpn:default.log >>> >>> [ Jan 18 19:46:37 Enabled. ] >>> [ Jan 18 19:46:37 Executing start method ("/usr/sbin/openvpn --daemon >>> openvpn --config '/etc/openvpn/openvpn.conf'"). ] >>> [ Jan 18 19:46:37 svc.startd could not set context for method: ] >>> setppriv: Not owner >>> [ Jan 18 19:46:37 Method "start" exited with status 96. ] >>> >>> Hints to add "limitpriv="default,priv_net_rawaccess" to the zone config >>> are maded but doesn't change the behavior. >>> >>> Starting openvpn with "/usr/sbin/openvpn --verb 9 --config >>> '/etc/openvpn/openvpn.conf'" on the command line works fine and >>> connections are possible. >>> >>> >>> Any hints about the "setppriv" error? >>> >>> -------------- >>> >>> pkg info openvpn >>> Name: network/openvpn >>> Summary: OpenVPN is a full-featured open source SSL VPN solution >>> Category: Applications/Internet >>> State: Installed >>> Publisher: openindiana.org >>> Version: 2.4.3 >>> Branch: 2018.0.0.1 >>> Packaging Date: Sun Feb 11 13:19:38 2018 >>> Size: 1.19 MB >>> FMRI: >>> pkg://openindiana.org/network/openvpn@2.4.3-2018.0.0.1:20180211T131938Z >>> Project URL: http://openvpn.net >>> Source URL: >>> http://swupdate.openvpn.org/community/releases/openvpn-2.4.3.tar.xz >>> >>> -------------- >>> >>> Thanks >>> >>> Sven Schmeling >>> >>> >>> - -- >>> Sven Schmeling, Oldenburg, Germany >>> mailto:sven.schmel...@schmeling-ol.de >>> >>> >>> >>> >>> >>> _______________________________________________ >>> oi-dev mailing list >>> oi-dev@openindiana.org >>> https://openindiana.org/mailman/listinfo/oi-dev >> >>
_______________________________________________ oi-dev mailing list oi-dev@openindiana.org https://openindiana.org/mailman/listinfo/oi-dev