Veiva, posted August 9, 2016 (edited)

This has been frustrating me for over a week now. I have OpenVPN set up outside of the jail, on the FreeBSD host system. It creates a new network interface, tun0. This works.

I want to create a jail that connects to the internet only via the VPN. But for the life of me, I cannot understand how to do this. Every attempt results in the jail having no network access at all, or it connects through the default interface (re0 in my case) and has access to the LAN and internet.

So how do I route/redirect all internet traffic through a VPN from a FreeBSD jail? I don't know all that much about networking, so please bear with me. Sorry for any mistakes.
sc302 (Veteran), posted August 9, 2016

That wouldn't be a VPN, that would be a proxy.

VPN = incoming through the internet
proxy = outgoing to the internet

What is it exactly that you are trying to do? Understanding what it is that you are trying to do will help us help you. Why are you referring to the inside network as a jail... is it actually a jail?

Oh, I see it is a FreeBSD thing... ugh, why can't they use terminology that the rest of the world uses...
+BudMan (MVC), posted August 9, 2016

You could for sure have a VPN as a client connection to, say, a VPS you run a VPN on, or a service you purchase like a hidemyass, or any of the other gazillion VPN services that prey on the lack of understanding of your typical users who think they need to hide their IP address from, say, Neowin, or want to circumvent geo restrictions, etc.

But let's be clear.. You have this instance of OpenVPN running on FreeBSD to some outside VPN you run or service. And now you have some application running in a jail that you only want to use this tunnel you create?

Routing applications can be difficult.. Routing to a specific destination is much easier, to be sure. But if you set up multiple routing tables, you can set up your jail to use the specific routing table that sends traffic out your VPN. And you could then have other jails use this same routing table.

Here is a write-up that is exactly what you're wanting to do, I believe..

https://blog.feld.me/posts/2015/06/routing-a-freebsd-jail-through-openvpn/ (Routing a FreeBSD Jail through OpenVPN)

I have not tested this, so not sure it's not without errors on the setup, but the general idea is sound. You create a different routing table and have your jail only use that routing table. Think of it as a different VRF in the Cisco world, sc302.
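A check for the per-jail routing table setup described in the post above, added here as an example and not taken from the thread or the linked write-up: it reads `netstat -rn` output for the jail's routing table and passes only when the single IPv4 default route leaves via the tunnel. FIB number 1 and the function names are assumptions; tun0 and re0 are the interface names from the first post, and the routing tables shown are constructed samples.

```shell
#!/bin/sh
# Added example: fail-closed check that a jail's routing table (FIB) has
# exactly one IPv4 default route and that it leaves via the VPN tunnel.
# Assumptions: the jail uses FIB 1; tun0/re0 are the names from the thread.

# Print the Netif of each IPv4 default route in `netstat -rn` output (stdin).
# The Netif column is found from the header because older FreeBSD releases
# print extra Refs/Use columns before it.
default_ifaces() {
    awk '
        /^Internet6:/ { v4 = 0 }
        /^Internet:/  { v4 = 1; col = 0; next }
        v4 && $1 == "Destination" {
            for (i = 1; i <= NF; i++) if ($i == "Netif") col = i
            next
        }
        v4 && col && ($1 == "default" || $1 == "0.0.0.0/0") { print $col }
    '
}

# Exit 0 only when the single default route uses interface $1. No default
# route, several default routes, or a default via another NIC all fail.
check_vpn_only() {
    [ "$(default_ifaces)" = "$1" ]
}

# Constructed samples shaped like `netstat -rn -F 1` output on FreeBSD.
SAMPLE_OK='Routing tables (fib: 1)

Internet:
Destination        Gateway            Flags     Netif Expire
default            10.8.0.1           UGS        tun0
10.8.0.1           link#3             UH         tun0
127.0.0.1          link#2             UH          lo0'

SAMPLE_LEAK='Routing tables (fib: 1)

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         0     1432    re0
192.168.1.0/24     link#1             U           0       87    re0'

# On the host (not run here): netstat -rn -F 1 | check_vpn_only tun0
```

The check covers the IPv4 table only; an IPv6 default route in the same FIB would need the same test against the Internet6 section.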
Veiva (Author), posted August 9, 2016

Thank you, BudMan! It appears that works. I've been really frustrated for over a week now! Yeah, I only spent an hour or two every day on the task, but...

Also, I'm using the "jail-behind-a-VPN" for some niche educational project. It probably won't amount to anything, but after the difficulty I had trying to get the setup working, I'm definitely going to finish it at least :).
+BudMan (MVC), posted August 9, 2016

Glad you got it sorted.. Your Google fu must be on the fritz?? A simple Google search for "route freebsd jail openvpn" and that link I posted is the 3rd link provided.. I was going to fire up my FreeBSD VM and create a quick guide for you, but figured hey, someone has prob already done that.

How were you searching for this? Were you using Bing or something? I just put those same terms into Bing and my link is not on the first few pages, but what is funny is this Neowin thread is on page 1 of Bing now with those search terms.
Veiva (Author), posted August 9, 2016

I use DuckDuckGo. The results can be poor for less popular topics.