built-in OpenVPN-Server or inside jail?

Joined
Jan 27, 2020
Messages
577
I'm working on my offsite backup solution and ran into a slight hiccup.
If I set up an OVPN-Server via the GUI, I can't limit the offsite ssh-user to his specific home directory (i.e. /mnt/tank/userhome/remoteuser). Instead his user has access to the whole /mnt/tank/... This is not intended by any means.
Permissions of his User and Group are limited to exactly only the user:group and the home directory is set up via the GUI.

So I read up about it here in the Forums and almost every time the suggestion is to switch to an OVPN-Server inside a jail, fstab the specific dataset to the home directory and be good.
Is this the way to go? What am I missing?
 
Anybody got a running OpenVPN Server for offsite zfs replication and can share his experience?
 
As my journey continues I can address some of the questions I came across:

1. ZFS replication is not gonna work with openvpn server set up in a jail.
2. ZFS replication is only gonna work as the root user of the host system.
3. There is no way to get zfs replication to work without providing root access to the client's (destination server) root user.

Lesson learned: If I don't own the offsite server and/or don't trust the root user of the offsite server, zfs replication is no option.
 