[FUG-BR] openvpn jail

2015-05-14 Por tópico Fabricio Lima
ola..

alguém já conseguiu fazer rodar openvpn em uma jail?

to apanhando do devfs
preciso do /dev/tun pra dar um ifconfig create tun0
mas dá "Operation not permitted".

alguma luz?

jail# ls /dev
fd  null  random  stderr  stdin  stdout  urandom  zero

-

# cat etc/devfs.rules
[openvpn_ruleset=5]
add include $devfsrules_hide_all
add include $devfsrules_unhide_login
add include $devfsrules_unhide_basic
add path tun0 unhide
---

# cat etc/jail.conf
path = /usr/jails/$name;
exec.start = /bin/sh /etc/rc;
exec.stop = /bin/sh /etc/rc.shutdown;
exec.clean;
mount.devfs;
allow.mount;
allow.sysvipc;
allow.raw_sockets;
exec.consolelog = /var/log/jail_${name}_console.log;
devfs_ruleset = 4;
interface=lo1;

www {
host.hostname = www;
ip4.addr = 10.1.1.2;
}

vpn {
host.hostname = vpn;
ip4.addr = 10.1.1.3;
devfs_ruleset = 5;
}

---
# cat /usr/jails/vpn/etc/rc.conf
cloned_interface=tun
--


[ ]'s
Fabricio Lima
Sendmail administration is not black magic. There are legitimate technical
reasons why it requires the sacrifice of a live chicken.


Re: [FUG-BR] openvpn jail

2015-05-14 Por tópico Fabricio Lima
achei..

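o erro é que o cloned_interface tem que estar no rc.conf do HOST e não no do jail: uma jail sem VNET usa a pilha de rede do host e não pode criar interfaces (daí o "Operation not permitted"), então o tun0 é criado no host e o ruleset 5 do devfs, além dos dispositivos básicos, só libera o tun0 para a jail vpn. (No rc.conf(5) a variável documentada é cloned_interfaces, no plural; vale conferir a grafia.)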

# cat /etc/rc.conf
cloned_interface=tun

[ ]'s
Fabricio Lima
Sendmail administration is not black magic. There are legitimate technical
reasons why it requires the sacrifice of a live chicken.

2015-05-14 15:38 GMT-03:00 Fabricio Lima lis...@fabriciolima.com.br:

 ola..

 alguem ja conseguiu fazer rodar openvpn em uma jail?

 to apanhando do devfs
 preciso do /dev/tun pra dar um ifconfig create tun0
 mas da operation not permited.

 alguma luz?

 jail# ls /dev
 fd  null  random  stderr  stdin  stdout  urandom  zero

 -

 # cat etc/devfs.rules
 [openvpn_ruleset=5]
 add include $devfsrules_hide_all
 add include $devfsrules_unhide_login
 add include $devfsrules_unhide_basic
 add path tun0 unhide

 ---

 # cat etc/jail.conf
 path = /usr/jails/$name;
 exec.start = /bin/sh /etc/rc;
 exec.stop = /bin/sh /etc/rc.shutdown;
 exec.clean;
 mount.devfs;
 allow.mount;
 allow.sysvipc;
 allow.raw_sockets;
 exec.consolelog = /var/log/jail_${name}_console.log;
 devfs_ruleset = 4;
 interface=lo1;

 www {
 host.hostname = www;
 ip4.addr = 10.1.1.2;
 }

 vpn {
 host.hostname = vpn;
 ip4.addr = 10.1.1.3;
 devfs_ruleset = 5;
 }

 ---
 # cat /usr/jails/vpn/etc/rc.conf
 cloned_interface=tun
 --


 [ ]'s
 Fabricio Lima
 Sendmail administration is not black magic. There are legitimate technical
 reasons why it requires the sacrifice of a live chicken.
