
Re: [ezjail] OpenVPN in a FreeBSD jail

On 2013-08-29 11:17, Philipp Wuensche wrote:
Zenny wrote:
On 8/28/13, Philipp Wuensche <cryx-freebsd AT h3q DOT com> wrote:
Dan Langille wrote:
Are you running OpenVPN in a FreeBSD 9.1 jail?

If so, I want to talk to you.  The docs I have found are from 2011, and
things have changed.

The main issue I have now is tun0 disappearing when OpenVPN stops, but I
have OpenVPN running (but untested).

I'd like to learn more from someone who already has this running.
I have solved this with the usage of jaildaemon and a small script that
recreates the tun0 config inside the hostsystem when the openvpn
rc-script is run inside the jail.

Would you mind sharing the process? Thanks!


As the problem is that when you stop openvpn inside the jail, openvpn
unconfigures its tun interface, I have a jaildaemon running in the
hostsystem, which executes a script which simply reconfigures the tun0
interface from within the hostsystem every time openvpn is stopped/restarted.

Inside the hostsystem I run this jaildaemon:

jaildaemon -j <jid-of-your-openvpn-jail> -c /opt/openvpn-route-reset -t route-reset -r

This makes me think you need to restart jaildaemon whenever that jail is restarted. I am
quite confident that can be scripted.  Have you done that already?

Reading man 1 jaildaemon, I see that this spawns a process in the given jail,
and gives that process a proctitle of 'route-reset'.

The /opt/openvpn-route-reset script simply reconfigures the interface
and route:


ifconfig tun0 netmask
route add -net

And in the rc.d/openvpn script inside the jail I added the kill of the
jaildaemon probe:

	rm -f "$pidfile" || warn "Could not remove $pidfile."
+	pkill -HUP -f route-reset
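
Review bot: the added `pkill -HUP -f route-reset` uses an unanchored pattern, and with -f it is matched against the full argument list of every process the jail can see, so any other process whose command line happens to contain route-reset receives the HUP as well; a more distinctive probe title would narrow that. The line also fails silently, unlike the `rm -f "$pidfile" || warn ...` line directly above it: if no probe is running, pkill returns non-zero and nothing is reported, so a `|| warn` in the same style would make a missing probe visible when openvpn is stopped.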

Reading man 1 pkill, this sends a HUP to all processes with title = 'route-reset'.

This causes the spawned process to report back to the jaildaemon, which then executes
the /opt/openvpn-route-reset script.



This way, every time I restart openvpn inside the jail the
/opt/openvpn-route-reset script gets executed in the hostsystem and the
interface is correctly set up.


Dan Langille - http://langille.org/
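
One way to script the jaildaemon restart asked about above, as an added example that is not code from the thread or from the jaildaemon project: the jid is looked up by jail name each time, and the host-side script is checked before it is handed to jaildaemon. The jail name `openvpn_example`, the function names and the permission policy are assumptions; the jaildaemon flags and the script path are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. JAIL_NAME is a constructed
# placeholder; the jaildaemon flags and script path are those quoted above.
JAIL_NAME="${JAIL_NAME:-openvpn_example}"
RESET_SCRIPT="${RESET_SCRIPT:-/opt/openvpn-route-reset}"
PROBE_TITLE="route-reset"

# Current jid for a jail name; prints nothing if the jail is not running.
resolve_jid() {
    jls -j "$1" jid 2>/dev/null | tr -d ' \n'
}

# Only a plain decimal jid may reach the jaildaemon command line.
valid_jid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Assumed policy: the script runs on the host whenever the in-jail probe
# receives a HUP, so reject symlinks and group- or world-writable files.
script_is_safe() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Look up the jid again on every start, because a restarted jail gets a
# new one and a jaildaemon bound to the old jid no longer has a probe.
start_probe() {
    jid=$(resolve_jid "$JAIL_NAME")
    valid_jid "$jid" || { echo "jail $JAIL_NAME is not running" >&2; return 1; }
    script_is_safe "$RESET_SCRIPT" || { echo "refusing $RESET_SCRIPT" >&2; return 1; }
    jaildaemon -j "$jid" -c "$RESET_SCRIPT" -t "$PROBE_TITLE" -r
}

# Runs only when called as "<this-script> start", e.g. after the jail starts.
if [ "${1:-}" = "start" ]; then
    start_probe
fi
```

A jaildaemon still attached to the previous jid has to be stopped separately; how depends on how it was launched, which the thread does not show.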