[FUG-BR] openvpn jail

Fabricio Lima listas at fabriciolima.com.br
Thu May 14 16:14:13 BRT 2015


Found it..

The error is that the cloned interface has to be in the rc.conf of the HOST and not of the jail

# cat /etc/rc.conf
cloned_interface="tun"

Regards,
Fabricio Lima
Sendmail administration is not black magic. There are legitimate technical
reasons why it requires the sacrifice of a live chicken.

2015-05-14 15:38 GMT-03:00 Fabricio Lima <listas at fabriciolima.com.br>:

> Hello..
>
> Has anyone managed to get openvpn running in a jail?
>
> I'm struggling with devfs....
> I need /dev/tun to run an ifconfig create tun0
> but it gives operation not permitted.
>
> Any pointers?
>
> jail# ls /dev
> fd  null  random  stderr  stdin  stdout  urandom  zero
>
> ---------------------------------------------------------------------
>
> # cat etc/devfs.rules
> [openvpn_ruleset=5]
> add include $devfsrules_hide_all
> add include $devfsrules_unhide_login
> add include $devfsrules_unhide_basic
> add path tun0 unhide
>
> -------------------------------------------------------------------------------
>
> # cat etc/jail.conf
> path = "/usr/jails/$name";
> exec.start = "/bin/sh /etc/rc";
> exec.stop = "/bin/sh /etc/rc.shutdown";
> exec.clean;
> mount.devfs;
> allow.mount;
> allow.sysvipc;
> allow.raw_sockets;
> exec.consolelog = "/var/log/jail_${name}_console.log";
> devfs_ruleset = 4;
> interface=lo1;
>
> www {
>         host.hostname = "www";
>         ip4.addr = 10.1.1.2;
> }
>
> vpn {
>         host.hostname = "vpn";
>         ip4.addr = 10.1.1.3;
>         devfs_ruleset = 5;
> }
>
> -----------------------------------------------------------
> # cat /usr/jails/vpn/etc/rc.conf
> cloned_interface="tun"
> ------------------------------------------------------------------
>
>
> Regards,
> Fabricio Lima
> Sendmail administration is not black magic. There are legitimate technical
> reasons why it requires the sacrifice of a live chicken.
>

