Re: [oi-dev] OpenVPN in a local zone

2019-01-21 Thread Jonathan Adams
Sorry for the obvious, but this does mean that you need to install tun/tap
in the global zone ... which I guess is the reason you're getting the
permission problems.

Jon

___
oi-dev mailing list
oi-dev@openindiana.org
https://openindiana.org/mailman/listinfo/oi-dev

Re: [oi-dev] OpenVPN in a local zone

2019-01-21 Thread Jonathan Adams
root@moysalsrv:~# zonecfg -z vpnzone info
zonename: vpnzone
zonepath: /zones/vpnzone
brand: ipkg
autoboot: true
bootargs:
pool:
limitpriv: default
scheduling-class:
ip-type: exclusive
hostid:
fs-allowed:
net:
    address not specified
    allowed-address not specified
    physical: vpninternal0
    defrouter not specified
net:
    address not specified
    allowed-address not specified
    physical: vpnvnic0
    defrouter not specified
device:
    match: /dev/lockstat
device:
    match: /dev/tun*

...

this is for a "client" rather than for a "server", but hopefully this will
give you some mileage.

Jon


Re: [oi-dev] OpenVPN in a local zone

2019-01-21 Thread Jonathan Adams
I know in the past that I had to pass through specific dev interfaces.
I'll take a look when I get to work, as I think we still have one box set
up that way.
Jon


Re: [oi-dev] OpenVPN in a local zone

2019-01-20 Thread Alexander Pyhalov via oi-dev
Hi.
I suppose some of the privileges mentioned in 
/lib/svc/manifest/network/openvpn.xml are not available in zone (look at 
method_credential section).

Best regards,
Alexander Pyhalov,
programmer, Telecommunications Infrastructure Department,
Information and Communication Infrastructure Directorate, Southern Federal University
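
Added example (not part of the original message, and not code from OpenIndiana or OpenVPN): a check for the situation suggested in the reply above, where a manifest's method_credential asks for privileges the zone cannot grant. The manifest fragment and both privilege lists are constructed samples; in practice the lists would come from `ppriv -l zone` and `ppriv -l basic` run inside the zone, and the helper names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed manifest fragment; NOT the contents of the real openvpn.xml.
SAMPLE_MANIFEST = """\
<service name='network/example' type='service' version='1'>
 <exec_method type='method' name='start' exec='/usr/sbin/example' timeout_seconds='60'>
  <method_context>
   <method_credential user='root' group='root'
       privileges='basic,net_privaddr,PRIV_SYS_NET_CONFIG,!proc_info'/>
  </method_context>
 </exec_method>
</service>
"""
# Constructed stand-ins for `ppriv -l basic` / `ppriv -l zone` output in the zone.
SAMPLE_BASIC = ["file_link_any", "proc_exec", "proc_fork", "proc_info",
                "proc_session"]
SAMPLE_ZONE = SAMPLE_BASIC + ["net_privaddr", "net_rawaccess"]


def _norm(name):
    """Lower-case a privilege name and drop an optional 'priv_' prefix."""
    name = name.strip().lower()
    return name[5:] if name.startswith("priv_") else name


def requested_privs(spec, zone, basic):
    """Expand 'basic'/'zone'/'none', plain names and '!'/'-' negation ('all' is not expanded)."""
    sets = {"basic": set(basic), "zone": set(zone), "none": set()}
    add, drop = set(), set()
    for tok in filter(None, (t.strip() for t in spec.split(","))):
        target = drop if tok[0] in "!-" else add
        tok = _norm(tok.lstrip("!-"))
        target |= sets.get(tok, {tok})
    return add - drop


def missing_in_zone(manifest_xml, zone, basic):
    """Privileges any method_credential requests that the zone lacks."""
    zone_set, basic_set = {_norm(p) for p in zone}, {_norm(p) for p in basic}
    lacking = set()
    for cred in ET.fromstring(manifest_xml).iter("method_credential"):
        for attr in ("privileges", "limit_privileges"):
            spec = cred.get(attr)
            if spec and not spec.startswith(":"):  # ':default' = inherited
                lacking |= requested_privs(spec, zone_set, basic_set) - zone_set
    return sorted(lacking)


if __name__ == "__main__":
    print(missing_in_zone(SAMPLE_MANIFEST, SAMPLE_ZONE, SAMPLE_BASIC))
```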




[oi-dev] OpenVPN in a local zone

2019-01-18 Thread Sven Schmeling
Hello,

I have installed OpenVPN in a local zone.

Starting the service with "svcadm enable svc:/network/openvpn:default"
(or rebooting the zone) ends in the maintenance mode:

# svcs openvpn
STATE          STIME    FMRI
maintenance    19:46:37 svc:/network/openvpn:default

cat /var/svc/log/network-openvpn:default.log

[ Jan 18 19:46:37 Enabled. ]
[ Jan 18 19:46:37 Executing start method ("/usr/sbin/openvpn --daemon
openvpn --config '/etc/openvpn/openvpn.conf'"). ]
[ Jan 18 19:46:37 svc.startd could not set context for method:  ]
setppriv: Not owner
[ Jan 18 19:46:37 Method "start" exited with status 96. ]

Hints to add limitpriv="default,priv_net_rawaccess" to the zone config
have been made, but that doesn't change the behavior.

Starting openvpn with "/usr/sbin/openvpn --verb 9 --config
'/etc/openvpn/openvpn.conf'" on the command line works fine and
connections are possible.


Any hints about the "setppriv" error?

--

pkg info openvpn
Name: network/openvpn
Summary: OpenVPN is a full-featured open source SSL VPN solution
Category: Applications/Internet
State: Installed
Publisher: openindiana.org
Version: 2.4.3
Branch: 2018.0.0.1
Packaging Date: Sun Feb 11 13:19:38 2018
Size: 1.19 MB
FMRI:
pkg://openindiana.org/network/openvpn@2.4.3-2018.0.0.1:20180211T131938Z
Project URL: http://openvpn.net
Source URL:
http://swupdate.openvpn.org/community/releases/openvpn-2.4.3.tar.xz

--

Thanks

Sven Schmeling


- -- 
Sven Schmeling, Oldenburg, Germany
mailto:sven.schmel...@schmeling-ol.de





