
Re: [ezjail] OpenVPN in a FreeBSD jail

Zenny wrote:
> On 8/28/13, Philipp Wuensche <cryx-freebsd AT h3q DOT com> wrote:
>> Dan Langille wrote:
>>> Are you running OpenVPN in a FreeBSD 9.1 jail?
>>> If so, I want to talk to you.  The docs I have found are from 2011, and
>>> things have changed.
>>> The main issue I have now is tun0 disappearing when OpenVPN stops, but I
>>> have OpenVPN running (but untested).
>>> I'd like to learn more from someone who already has this running.
>> I have solved this with the usage of jaildaemon and a small script that
>> recreates the tun0 config inside the host system when the openvpn
>> rc-script is run inside the jail.
> Would you mind sharing the process? Thanks!


As the problem is that when you stop openvpn inside the jail, openvpn
unconfigures its tun interface, I have a jaildaemon running in the
host system, which executes a script which simply reconfigures the tun0
interface from within the host system every time openvpn is stopped/restarted.

Inside the host system I run this jaildaemon:

jaildaemon -j <jid-of-your-openvpn-jail> -c /opt/openvpn-route-reset -t route-reset -r

The /opt/openvpn-route-reset script simply reconfigures the interface
and route:


ifconfig tun0 netmask
route add -net

And in the rc.d/openvpn script inside the jail I added the kill of the
jaildaemon probe:

	rm -f "$pidfile" || warn "Could not remove $pidfile."
+	pkill -HUP -f route-reset
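
Review bot: the added `pkill -HUP -f route-reset` line ignores its exit status, while the `rm -f "$pidfile"` line above it warns on failure; if no process matches, the HUP is never delivered and nothing is reported. Consider `pkill -HUP -f route-reset || warn "Could not signal route-reset."`. Also, -f matches the pattern against the full argument list, so any process visible in the jail whose command line contains route-reset receives the HUP; a more distinctive tag than route-reset would narrow the match.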


This way, every time I restart openvpn inside the jail the
/opt/openvpn-route-reset script gets executed in the host system and the
interface is correctly set up.
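
The host-side script described above, as an added example that is not part of the original post: it takes no input from the jail and validates its settings before running as root on the host. All addresses are constructed placeholders (the post's own values are not shown), and the variable names and the DRY_RUN switch are assumptions of this example.

```sh
#!/bin/sh
# Added example: host-side reset script, run as root by the jaildaemon trigger.
# Every address below is a constructed placeholder, not a value from the post.
TUN_IF="${TUN_IF:-tun0}"
TUN_LOCAL="${TUN_LOCAL:-192.0.2.1}"      # placeholder: host end of the tunnel
TUN_PEER="${TUN_PEER:-192.0.2.2}"        # placeholder: peer end of the tunnel
TUN_MASK="${TUN_MASK:-255.255.255.255}"  # placeholder netmask
VPN_NET="${VPN_NET:-198.51.100.0/24}"    # placeholder: network routed via tun
DRY_RUN="${DRY_RUN:-1}"                  # 1 = print commands, 0 = execute them

# Only tunN names are accepted, so a bad setting cannot touch another interface.
valid_ifname() {
    case "$1" in
        tun[0-9]|tun[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Dotted-quad IPv4 with an optional /prefix; anything else is rejected.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

route_reset() {
    valid_ifname "$TUN_IF" || { echo "bad interface: $TUN_IF" >&2; return 2; }
    for addr in "$TUN_LOCAL" "$TUN_PEER" "$TUN_MASK" "$VPN_NET"; do
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 2; }
    done
    run ifconfig "$TUN_IF" inet "$TUN_LOCAL" "$TUN_PEER" netmask "$TUN_MASK" || return 1
    # Drop any stale route first so that repeated triggers stay idempotent.
    run route -q delete -net "$VPN_NET" || true
    run route add -net "$VPN_NET" "$TUN_PEER"
}

route_reset
```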