use tun0 in jail (FreeBSD 11.1-RELEASE-p4)

0

Tell me how to share the OpenVPN interface (tun0) of the main system with a jail and use it in the jail.

On the main host (OpenVPN interface):

tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet 10.56.52.1 --> 10.56.48.253  netmask 0xffffffff
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: tun
        Opened by PID 95844

ping 10.56.48.253 - ok

In the jail (it looks like this):

tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        groups: tun
        Opened by PID 95844

ping 10.56.48.253 - not pinged

interface
freebsd
lan
openvpn
jail
asked on Stack Overflow Feb 24, 2019 by Mihail

1 Answer

0

To ping from a jail, allow_raw_sockets must be enabled.

# sysctl security.jail.allow_raw_sockets=1

See Jail. Ping to Host, Operation not permitted.

Example jail.conf

test_01 {
    host.hostname = "test_01";
    ip4.addr = 127.0.2.1,10.1.0.51;
    # Allow raw sockets in this jail only, so ping(8) works inside it
    allow.raw_sockets = "true";
    mount.devfs = "true";
}
answered on Stack Overflow Feb 24, 2019 by Vladimir Botka
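
A triage helper for the situation in this thread, added here as an example and not part of the original question or answer: it reports whether the jail's raw-socket permission is off and whether the interface shows an IPv4 address inside the jail (the question's jail output has no inet line). The function names and result strings are hypothetical, and the sample text is constructed from the ifconfig output in the question.

```shell
#!/bin/sh
# Added example: triage a failing ping inside a jail from captured text.

# iface_ipv4 IFACE: read ifconfig output on stdin and print the IPv4
# addresses bound to IFACE, one per line (nothing if it has none).
iface_ipv4() {
    awk -v ifc="$1" '
        /^[^ \t]/ { cur = $1; sub(/:$/, "", cur) }  # header: "tun0: flags=..."
        cur == ifc && $1 == "inet" { print $2 }
    '
}

# diagnose RAW IFACE: RAW is the jail's allow.raw_sockets value (0 or 1);
# ifconfig output as seen inside the jail arrives on stdin.
# (hypothetical helper names and result strings)
diagnose() {
    addrs=$(iface_ipv4 "$2")
    if [ "$1" != "1" ]; then
        echo "raw-sockets-denied"   # ping cannot open its raw ICMP socket
    elif [ -z "$addrs" ]; then
        echo "no-address-on-$2"     # interface listed, but no inet line
    else
        echo "ok"
    fi
}

# Constructed samples, taken from the ifconfig output in the question.
HOST_TUN0='tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet 10.56.52.1 --> 10.56.48.253  netmask 0xffffffff
        groups: tun'
JAIL_TUN0='tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        groups: tun'

# On a live system (assumed invocation, jail name from the answer):
#   jexec test_01 ifconfig tun0 | \
#     diagnose "$(jexec test_01 sysctl -n security.jail.allow_raw_sockets)" tun0
printf '%s\n' "$JAIL_TUN0" | diagnose 0 tun0   # prints raw-sockets-denied
```
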

User contributions licensed under CC BY-SA 3.0