[FUG-BR] openvpn jail

Fabricio Lima listas at fabriciolima.com.br
Thu May 14 15:38:17 BRT 2015


Hello..

Has anyone managed to get openvpn running in a jail?

I'm struggling with devfs....
I need /dev/tun to run an ifconfig create tun0,
but it gives operation not permitted.

Any ideas?

jail# ls /dev
fd  null  random  stderr  stdin  stdout  urandom  zero

---------------------------------------------------------------------

# cat etc/devfs.rules
[openvpn_ruleset=5]
add include $devfsrules_hide_all
add include $devfsrules_unhide_login
add include $devfsrules_unhide_basic
add path tun0 unhide
-------------------------------------------------------------------------------

# cat etc/jail.conf
path = "/usr/jails/$name";
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
allow.mount;
allow.sysvipc;
allow.raw_sockets;
exec.consolelog = "/var/log/jail_${name}_console.log";
devfs_ruleset = 4;
interface=lo1;

www {
        host.hostname = "www";
        ip4.addr = 10.1.1.2;
}

vpn {
        host.hostname = "vpn";
        ip4.addr = 10.1.1.3;
        devfs_ruleset = 5;
}

-----------------------------------------------------------
# cat /usr/jails/vpn/etc/rc.conf
cloned_interface="tun"
------------------------------------------------------------------


Regards,
Fabricio Lima
Sendmail administration is not black magic. There are legitimate technical
reasons why it requires the sacrifice of a live chicken.

