RE: VPN server to run in FreeBSD jail ...
[EMAIL PROTECTED] wrote: Marc G. Fournier wrote: Does anyone know of any software that would allow a client attach a VPN *to* a process running within a FreeBSD jail from a Windows machine? It doesn't help now, but there is work underway to make the whole network stack clonable under FreeBSD -- meaning each jail gets the ability to have as many IP numbers as it wants, and to have a separate firewall from the host system and do all the other networking tricks you can think of. http://www.tel.fer.hr/zec/papers/zec-03.pdf Hi, This document is dated 2003, and tests were done for FreeBSD 4.8. Is there a chance to have a clonable network stack in a near future? --- Philippe Lang Attik System smime.p7s Description: S/MIME cryptographic signature
VPN server to run in FreeBSD jail ...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Does anyone know of any software that would allow a client attach a VPN *to* a process running within a FreeBSD jail from a Windows machine? - Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . [EMAIL PROTECTED] MSN . [EMAIL PROTECTED] Yahoo . yscrappy Skype: hub.orgICQ . 7615664 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFnmGP4QvfyHIvDvMRAv/kAJ9FGJVhWoYmCbHznARwaJOjNDdRfwCfR+3x dtGeFdEy5QCy5KL+C1/JgnQ= =fOYf -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: VPN server to run in FreeBSD jail ...
Marc G. Fournier wrote: Does anyone know of any software that would allow a client attach a VPN *to* a process running within a FreeBSD jail from a Windows machine? I believe you can sort-of do this with a certain amount of packet redirection and firewall trickery, but it isn't very easy and you won't be able to control anything to do with the VPN from within the jail. Essentially you do the old trick of creating the jail using an alias address on the loopback, then add redirection rules in the firewall to forward traffic to it. If you need to create tap, tun of gif interfaces to run the VPN software then that has to be done *outside* the jail, as there's no simple way of making those interfaces visible inside it. It doesn't help now, but there is work underway to make the whole network stack clonable under FreeBSD -- meaning each jail gets the ability to have as many IP numbers as it wants, and to have a separate firewall from the host system and do all the other networking tricks you can think of. http://www.tel.fer.hr/zec/papers/zec-03.pdf Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature