Re: [ezjail] OpenVPN in a FreeBSD jail
On 2013-08-29 11:17, Philipp Wuensche wrote:
On 8/28/13, Philipp Wuensche <cryx-freebsd AT h3q DOT com> wrote:
Dan Langille wrote:
Are you running OpenVPN in a FreeBSD 9.1 jail?
If so, I want to talk to you. The docs I have found are from 2011, and
things have changed.
The main issue I have now is tun0 disappearing when OpenVPN stops, but
have OpenVPN running (but untested).
I'd like to learn more from someone who already has this running.
I have solved this with the usage of jaildaemon and a small script that
recreates the tun0 config inside the hostsystem when the openvpn
rc-script is run inside the jail.
Would you mind sharing the process? Thanks!
As the problem is that when you stop openvpn inside the jail, openvpn
unconfigures its tun interface, I have a jaildaemon running in the
hostsystem, which executes a script which simply reconfigures the tun0
interface from within the hostsystem every time openvpn is
Inside the hostsystem I run this jaildaemon:
jaildaemon -j <jid-of-your-openvpn-jail> -c /opt/openvpn-route-reset -t
This makes me think you need to restart jaildaemon whenever that jail is
restarted. I am quite confident that can be scripted. Have you done that
already?
Reading man 1 jaildaemon, I see that this spawns a process in the given
jail and gives that process a proctitle of 'route-reset'.
The /opt/openvpn-route-reset script simply reconfigures the interface
ifconfig tun0 10.1.0.1 10.1.0.2 netmask 255.255.255.255
route add -net 10.1.0.0/24 10.1.0.2
And in the rc.d/openvpn script inside the jail I added the kill of the
rm -f "$pidfile" || warn "Could not remove $pidfile."
+ pkill -HUP -f route-reset
Reading man 1 pkill, this sends a HUP to all processes with title =
This causes the spawned process to report back to the jaildaemon, which
the /opt/openvpn-route-reset script.
This way, every time I restart openvpn inside the jail the
/opt/openvpn-route-reset script gets executed in the hostsystem and the
interface is correctly set up.
Dan Langille - http://langille.org/
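The host-side script in the thread is shown only as two commands. Below is an added example of how such a /opt/openvpn-route-reset helper can be written so that it is safe to trigger from inside a jail; it is not Philipp's script and not part of the original thread. The interface name, addresses and network are assumptions taken from the two commands quoted above. Two design points matter here: jaildaemon runs this with host privileges whenever the jailed 'route-reset' process receives the HUP that the jail's rc.d/openvpn script sends, so nothing from inside the jail is allowed to parameterise it (all values are fixed in the script, none are read from the jail); and the reset is idempotent, so a spurious or repeated HUP only re-applies the same configuration. The check against ifconfig output is a separate function that takes the text as an argument, so it can be exercised against a captured sample without root or a real tun device.

```sh
#!/bin/sh
# Added example of a host-side route-reset helper for the setup described
# in the thread (not the original /opt/openvpn-route-reset). Started by
# jaildaemon on the host, per the thread:
#   jaildaemon -j <jid-of-your-openvpn-jail> -c /opt/openvpn-route-reset -t route-reset
# where the proctitle route-reset is what the jail's "pkill -HUP -f route-reset" matches.
#
# Values are fixed on purpose: the trigger comes from inside the jail, the
# commands run as root on the host, so the jail must not be able to choose
# what gets configured. The addresses are assumptions from the thread's example.
TUN_IF="${TUN_IF:-tun0}"
LOCAL_ADDR="${LOCAL_ADDR:-10.1.0.1}"
PEER_ADDR="${PEER_ADDR:-10.1.0.2}"
VPN_NET="${VPN_NET:-10.1.0.0/24}"

# tun_is_configured IFCONFIG_OUTPUT
# Returns 0 if the given ifconfig text already shows the expected
# point-to-point pair (FreeBSD prints "inet A --> B netmask ..."), else 1.
tun_is_configured() {
    printf '%s\n' "$1" | grep -qF "inet ${LOCAL_ADDR} --> ${PEER_ADDR}"
}

# reset_commands
# Prints, one per line, the exact commands that restore the interface
# and the route to the VPN client network via the peer address.
reset_commands() {
    printf 'ifconfig %s %s %s netmask 255.255.255.255\n' \
        "$TUN_IF" "$LOCAL_ADDR" "$PEER_ADDR"
    printf 'route add -net %s %s\n' "$VPN_NET" "$PEER_ADDR"
}

# route_reset [dry-run]
# Re-applies the configuration unless the interface is already correct.
# With the argument "dry-run" it prints the commands instead of running them.
route_reset() {
    current="$(ifconfig "$TUN_IF" 2>/dev/null)"
    if tun_is_configured "$current"; then
        echo "${TUN_IF} already configured, nothing to do"
        return 0
    fi
    if [ "${1:-}" = "dry-run" ]; then
        reset_commands
        return 0
    fi
    # Run the fixed command list; -e stops on the first failure so a
    # failed ifconfig does not leave a route pointing at nothing.
    reset_commands | sh -e
}

# Only act when executed as the installed script, not when sourced.
case "${0##*/}" in
    openvpn-route-reset) route_reset "$@" ;;
esac
```

Install it as /opt/openvpn-route-reset, make it executable and owned by root, and keep the jaildaemon command in a host-side startup script, since (as noted above) jaildaemon has to be started again after the jail restarts and the helper process inside it is gone.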