Hello,
I have two jails setup each with their own openvpn connection (I am using two because I need the the outside of the vpn in different locations). One is plex the other is transmission. For the most part they work fine. The issue that comes up is that each of them have a different tun device, one will be tun0 the other is tun1. The trick is that the tun number seems to change randomly for me. One day tun0 will be plex and transmission tun1. The next day plex will be tun1 and transmission tun0. The tun device is set in my ipfw.rules file for each jail. If I have an issue, and I switch the tun number in the ipfw.rules file on each, they work fine (I restart openvpn and the ipfw service, not sure if that is necessary when I update the number, but seems to make it take faster).
My question is, is there a way to make the tun device dynamic for the jail so I don't need to update it all the time?
Here is a copy of my ipfw.rules file (transmission is similar with just the changes needed for the different jail):
vpn="tun1" is where the device is set. Right below that in the script you can see i tried to make something dynamic (commented out), this gives the right tun device when I run it manually, but does not seem to work in the ipfw.rules file. I don't know if you can even run a command like that in this file.
What do I need to do to make the vpn="tun1" dynamic and constantly watch for the active tun device for that jail?
Also, what is the explanation for tun changing on me when the jails don't restart?
I have two jails setup each with their own openvpn connection (I am using two because I need the the outside of the vpn in different locations). One is plex the other is transmission. For the most part they work fine. The issue that comes up is that each of them have a different tun device, one will be tun0 the other is tun1. The trick is that the tun number seems to change randomly for me. One day tun0 will be plex and transmission tun1. The next day plex will be tun1 and transmission tun0. The tun device is set in my ipfw.rules file for each jail. If I have an issue, and I switch the tun number in the ipfw.rules file on each, they work fine (I restart openvpn and the ipfw service, not sure if that is necessary when I update the number, but seems to make it take faster).
My question is, is there a way to make the tun device dynamic for the jail so I don't need to update it all the time?
Here is a copy of my ipfw.rules file (transmission is similar with just the changes needed for the different jail):
Code:
# Set rules command prefix cmd="ipfw -q add" vpn="tun1" #vpn=`ifconfig | grep -m1 "tun" | cut -c1-4` # allow all local traffic on the loopback interface $cmd 00001 allow all from any to any via lo0 # allow any connection to/from VPN interface $cmd 00010 allow all from any to any via $vpn # allow connection to/from LAN by Plex $cmd 00101 allow all from me to 192.168.0.0/24 uid plex $cmd 00102 allow all from 192.168.0.0/24 to me uid plex # deny any Plex connection outside LAN that does not use VPN $cmd 00103 deny all from any to any uid plex
vpn="tun1" is where the device is set. Right below that in the script you can see i tried to make something dynamic (commented out), this gives the right tun device when I run it manually, but does not seem to work in the ipfw.rules file. I don't know if you can even run a command like that in this file.
What do I need to do to make the vpn="tun1" dynamic and constantly watch for the active tun device for that jail?
Also, what is the explanation for tun changing on me when the jails don't restart?
