Route/redirect internet traffic through VPN from FreeBSD jail?



This has been frustrating me for over a week now.

I have OpenVPN set up outside of the jail, on the FreeBSD host system. It creates a new network interface, tun0. This works.

I want to create a jail that connects to the internet only via the VPN. But for the life of me, I cannot understand how to do this. Every attempt results in the jail having no network access at all, or it connects through the default interface (re0 in my case) and has access to the LAN and internet.

So how do I route/redirect all internet traffic through a VPN from a FreeBSD jail? I don't know all that much about networking, so please bear with me. Sorry for any mistakes.

Link to comment

That wouldn't be a VPN, that would be a proxy.

VPN = incoming through the internet

proxy = outgoing to the internet

What is it exactly that you are trying to do? Understanding what it is that you are trying to do will help us help you.

Why are you referring to the inside network as a jail... is it actually a jail?

Oh, I see it is a FreeBSD thing... ugh, why can't they use terminology that the rest of the world uses...

Link to comment

You could for sure have a VPN as a client connection to, say, a VPS you run a VPN on, or a service you purchase like a hidemyass, or any of the other gazillion VPN services that prey on the lack of understanding of your typical users and think they need to hide their IP address from, say, Neowin, or want to circumvent geo restrictions, etc.

But let's be clear. You have this instance of OpenVPN running on FreeBSD to some outside VPN you run or service. And now you have some application running in a jail that you only want to use this tunnel you create? Routing applications can be difficult. Routing to a specific destination is much easier, to be sure. But if you set up multiple routing tables, you can set up your jail to use the specific routing table that sends traffic out your VPN. And you could then have other jails use this same routing table.

Here is a write-up that is exactly what you're wanting to do, I believe.

https://blog.feld.me/posts/2015/06/routing-a-freebsd-jail-through-openvpn/

Routing a FreeBSD Jail through OpenVPN

I have not tested this, so not sure it's not without errors on the setup, but the general idea is sound. You create a different routing table and have your jail only use that routing table. Think of it as a different VRF in the Cisco world, sc302.

Link to comment
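
The separate-routing-table approach described above only keeps the jail off re0 if the jail's table has no default route through it, so this added check (not from the thread or the linked write-up) parses `netstat -rn` output and confirms every default-covering route leaves via tun0. The FIB number 1 in the comment, the function names and the sample tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Usage on the host (FIB number 1 is an assumption, use the FIB of the jail):
#   setfib 1 netstat -rn -f inet | check_fib_default tun0
# Returns 0: every default-covering route uses the given interface
#         1: a default-covering route uses another interface (leak path)
#         2: no default route at all (jail has no internet path)
check_fib_default() {
    awk -v want="$1" '
        # Find the Netif column from the header row; some releases print
        # extra Refs/Use columns before it.
        $1 == "Destination" {
            col = 0
            for (i = 1; i <= NF; i++) if ($i == "Netif") col = i
            next
        }
        # "default" plus the two /1 routes OpenVPN adds with
        # "redirect-gateway def1" together cover all of IPv4.
        col && ($1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1") {
            seen = 1
            if ($col != want) { leak = 1; print "LEAK: " $1 " via " $col }
        }
        END { if (leak) exit 1; if (!seen) exit 2 }
    '
}

# Constructed sample: VPN routes win while the tunnel is up, but the
# default via re0 remains as a fallback if the tunnel routes disappear.
sample_leaky_fib() {
    cat <<'EOF'
Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.1.1        UGS         re0
0.0.0.0/1          10.8.0.1           UGS        tun0
128.0.0.0/1        10.8.0.1           UGS        tun0
EOF
}

# Constructed sample: only VPN routes are present.
sample_vpn_fib() {
    cat <<'EOF'
Destination        Gateway            Flags     Netif Expire
0.0.0.0/1          10.8.0.1           UGS        tun0
128.0.0.0/1        10.8.0.1           UGS        tun0
10.8.0.1           link#3             UH         tun0
EOF
}

sample_vpn_fib | check_fib_default tun0 && echo "FIB routes only via tun0"
```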

Thank you, BudMan! It appears that works. I've been really frustrated for over a week now! Yeah, I only spent an hour or two every day on the task, but...

Also, I'm using the "jail-behind-a-VPN" for some niche educational project. It probably won't amount to anything, but after the difficulty I had trying to get the setup working, I'm definitely going to finish it at least :).

Link to comment

Glad you got it sorted. Your Google fu must be on the fritz?? Simple Google for "route freebsd jail openvpn" and that link I posted is the 3rd link provided.

I was going to fire up my FreeBSD VM and create a quick guide for you, but figured hey, someone prob already done that ;)

How were you searching for this? Were you using Bing or something? I just put those same terms into Bing and my link is not on the first few pages, but what is funny is this Neowin thread is on page 1 now of Bing with those search terms.

Link to comment