I would expect exactly the behavior you saw. An NGZ cannot perform any
operation on kernel modules.
Ivan Buetler wrote:
Hi there,
Anyone ever tried to start OpenVPN within an NGZ? I would expect this is an unsolvable puzzle.
Running OpenVPN within the GZ runs perfectly with the mandatory tuntap (/dev/tun) device one has to download/compile.
lrwxrwxrwx 1 root sys 29 Mar 6 08:09 tun -> ../devices/pseudo/[EMAIL PROTECTED]:tun
Initially, I used a sparse root zone and configured the device via
zonecfg -z openvpn
add device
set match=/dev/tun
end
Starting OpenVPN within the NGZ says:
===================
Thu Mar 8 15:59:33 2007 us=641261 OpenVPN 2.0.9 sparc-sun-solaris2.11 [SSL] built on Mar 5 2007
Thu Mar 8 15:59:34 2007 us=744057 Diffie-Hellman initialized with 2024 bit key
Thu Mar 8 15:59:34 2007 us=754631 Can't push IP module: Not owner (errno=1)
Thu Mar 8 15:59:34 2007 us=754721 Exiting
===================
Hmmm -- as I expected. Then I tried to run OpenVPN within a full-root NGZ. By
mapping the /dev/tun into the NGZ space, I received the same error as above
(the full-root setup did not include the /dev/tun in the full-root NGZ).
Then, I was thinking of compiling the tuntap device within the NGZ itself instead of mapping it from the real /dev/tun.
I received the following error message:
============
openvpn:~/tuntap # make install
ld -r -o tun tun.o
ld -r -o tap tap.o
./install-sh -c -m 644 -o root -g root if_tun.h /usr/include/net
./install-sh -c -m 644 -o root -g root tun /usr/kernel/drv/sparcv9
./install-sh -c -m 644 -o root -g root tap /usr/kernel/drv/sparcv9
./install-sh -c -m 644 -o root -g root tun.conf /usr/kernel/drv
./install-sh -c -m 644 -o root -g root tap.conf /usr/kernel/drv
/usr/sbin/rem_drv tun >/dev/null 2>&1
*** Error code 1 (ignored)
/usr/sbin/rem_drv tap >/dev/null 2>&1
*** Error code 1 (ignored)
/usr/sbin/add_drv tun
No such file or directory
Cannot access file (/etc/name_to_major).
*** Error code 1
make: Fatal error: Command failed for target `install'
openvpn:~/tuntap #
==============
I conclude: openvpn MUST be run within the GZ.
Anyone disagree?
Ivan
--
--------------------------------------------------------------------------
Jeff VICTOR Sun Microsystems jeff.victor @ sun.com
OS Ambassador Sr. Technical Specialist
Solaris 10 Zones FAQ: http://www.opensolaris.org/os/community/zones/faq
--------------------------------------------------------------------------