
Re: [ezjail] OpenVPN in a FreeBSD jail



Zenny wrote:
> On 8/28/13, Philipp Wuensche <cryx-freebsd AT h3q DOT com> wrote:
>> Dan Langille wrote:
>>> Are you running OpenVPN in a FreeBSD 9.1 jail?
>>>
>>> If so, I want to talk to you.  The docs I have found are from 2011, and
>>> things have changed.
>>>
>>> The main issue I have now is tun0 disappearing when OpenVPN stops, but I
>>> have OpenVPN running (but untested).
>>>
>>> I'd like to learn more from someone who already has this running.
>> I have solved this with the usage of jaildaemon and a small script that
>> recreates the tun0 config inside the host system when the openvpn
>> rc-script is run inside the jail.
>>
> Would you mind sharing the process? Thanks!

Sure!

As the problem is that when you stop openvpn inside the jail, openvpn
unconfigures its tun interface, I have a jaildaemon running in the
host system, which executes a script which simply reconfigures the tun0
interface from within the host system every time openvpn is stopped/restarted.

Inside the host system I run this jaildaemon:

jaildaemon -j <jid-of-your-openvpn-jail> -c /opt/openvpn-route-reset -t route-reset -r

The /opt/openvpn-route-reset script simply reconfigures the interface
and route:

------------------------
#!/bin/sh

ifconfig tun0 10.1.0.1 10.1.0.2 netmask 255.255.255.255
route add -net 10.1.0.0/24 10.1.0.2
------------------------

And in the rc.d/openvpn script inside the jail I added the kill of the
jaildaemon probe:

-----------------------
stop_postcmd()
{
	rm -f "$pidfile" || warn "Could not remove $pidfile."
+	pkill -HUP -f route-reset
}

-----------------------
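
Review bot: in stop_postcmd(), the added `pkill -HUP -f route-reset` matches the pattern against the full argument list of every process visible in the jail, so any unrelated process whose command line happens to contain `route-reset` also receives SIGHUP. Narrow the pattern to the probe's exact process title, and add a comment in the rc script saying that this signal is what makes the host run /opt/openvpn-route-reset, since the line is otherwise unexplained to whoever next edits rc.d/openvpn.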

This way, every time I restart openvpn inside the jail the
/opt/openvpn-route-reset script gets executed in the host system and the
interface is correctly set up.

greetings,
cryx
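
A hardened variant of the /opt/openvpn-route-reset script described above, as an added example that is not part of the original message: it runs as root on the host but is triggered from inside the jail, so it takes no input from the caller, pins PATH, and is safe to run repeatedly. The addresses are the ones from the message; the DRY_RUN switch, the function names and the logger tag are assumptions.

```shell
#!/bin/sh
# Added example: hardened variant of /opt/openvpn-route-reset, run as root on the host.
# Addresses come from the message; DRY_RUN and all function names are assumptions.
PATH=/sbin:/usr/sbin:/bin:/usr/bin; export PATH  # fixed PATH, nothing inherited from the caller
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands; set to 0 in the installed copy
IFACE=tun0
LOCAL=10.1.0.1
PEER=10.1.0.2
NET=10.1.0.0/24

# Execute a command, or print it instead when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Accept dotted-quad addresses with an optional /prefix; reject everything else,
# so an edited constant can never smuggle an option or extra word into ifconfig/route.
valid_addr() {
    case "$1" in
        ''|*[!0-9./]*|.*|*..*|*/*/*) return 1 ;;
        *.*.*.*.*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

reset_tun() {
    for a in "$LOCAL" "$PEER" "$NET"; do
        valid_addr "$a" || { echo "refusing bad address: $a" >&2; return 2; }
    done
    run ifconfig "$IFACE" "$LOCAL" "$PEER" netmask 255.255.255.255 || return 1
    # Remove a stale route first so a repeated trigger does not fail on an existing route.
    run route -q delete -net "$NET" 2>/dev/null || true
    run route add -net "$NET" "$PEER"
}

# Log every trigger: the signal originates inside the jail, so its frequency is worth seeing.
[ "$DRY_RUN" = 1 ] || logger -t openvpn-route-reset "tun reset triggered"
reset_tun
```

Run as is, it only prints the three commands it would execute; the installed copy needs DRY_RUN set to 0.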