[FUG-BR] openvpn jail
ola.. alguem ja conseguiu fazer rodar openvpn em uma jail? to apanhando do devfs preciso do /dev/tun pra dar um ifconfig create tun0 mas da operation not permited. alguma luz? jail# ls /dev fd null random stderr stdin stdout urandom zero - # cat etc/devfs.rules [openvpn_ruleset=5] add include $devfsrules_hide_all add include $devfsrules_unhide_login add include $devfsrules_unhide_basic add path tun0 unhide --- # cat etc/jail.conf path = /usr/jails/$name; exec.start = /bin/sh /etc/rc; exec.stop = /bin/sh /etc/rc.shutdown; exec.clean; mount.devfs; allow.mount; allow.sysvipc; allow.raw_sockets; exec.consolelog = /var/log/jail_${name}_console.log; devfs_ruleset = 4; interface=lo1; www { host.hostname = www; ip4.addr = 10.1.1.2; } vpn { host.hostname = vpn; ip4.addr = 10.1.1.3; devfs_ruleset = 5; } --- # cat /usr/jails/vpn/etc/rc.conf cloned_interface=tun -- [ ]'s Fabricio Lima Sendmail administration is not black magic. There are legitimate technical reasons why it requires the sacrifice of a live chicken. - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Re: [FUG-BR] openvpn jail
achei.. o erro é q o cloned inteface tem q estar no rc.conf do HOST e nao do jail # cat /etc/rc.conf cloned_interface=tun [ ]'s Fabricio Lima Sendmail administration is not black magic. There are legitimate technical reasons why it requires the sacrifice of a live chicken. 2015-05-14 15:38 GMT-03:00 Fabricio Lima lis...@fabriciolima.com.br: ola.. alguem ja conseguiu fazer rodar openvpn em uma jail? to apanhando do devfs preciso do /dev/tun pra dar um ifconfig create tun0 mas da operation not permited. alguma luz? jail# ls /dev fd null random stderr stdin stdout urandom zero - # cat etc/devfs.rules [openvpn_ruleset=5] add include $devfsrules_hide_all add include $devfsrules_unhide_login add include $devfsrules_unhide_basic add path tun0 unhide --- # cat etc/jail.conf path = /usr/jails/$name; exec.start = /bin/sh /etc/rc; exec.stop = /bin/sh /etc/rc.shutdown; exec.clean; mount.devfs; allow.mount; allow.sysvipc; allow.raw_sockets; exec.consolelog = /var/log/jail_${name}_console.log; devfs_ruleset = 4; interface=lo1; www { host.hostname = www; ip4.addr = 10.1.1.2; } vpn { host.hostname = vpn; ip4.addr = 10.1.1.3; devfs_ruleset = 5; } --- # cat /usr/jails/vpn/etc/rc.conf cloned_interface=tun -- [ ]'s Fabricio Lima Sendmail administration is not black magic. There are legitimate technical reasons why it requires the sacrifice of a live chicken. - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd