[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] OpenVPN in a FreeBSD jail



On 03.09.13 20:39, Dan Langille wrote:

>> jaildaemon -j <jid-of-your-openvpn-jail> -c /opt/openvpn-route-reset -t
>> route-reset -r

> This makes me think you need to restart jaildaemon whenever that jail
> is restarted.  I am quite confident that can be scripted.
> Have you done that already?

No, you don't need to restart jaildaemon. It runs in daemon mode if
started with the -D option and spawns probes into the jail with the -c
option. And since a) the probe dies with the jail and b) potentially the
jid changes whenever the jail is restarted, it of course needs to be
respawned whenever the jail restarts

> Reading man 1 pkill, this sends a HUP to all processes with title =
> 'route-reset'.
> 
> This causes the spawned process to report back to the jaildaemon, which
> then executes
> the /opt/openvpn-route-reset script.

Correct. The -r option in the above call to jaildaemon makes the probe
auto-respawned.

  erdgeist