Hi, thank you for your help, but it doesn't work... for me :)
I tested with iocage and created a new jail, but I don't have internet access, and if I test openvpn I get a message like "impossible to create tun/tap device : operation not permitted"
I tested a lot of parameters like "vnet on" or defaultrouter, etc. In the end I prefer to work with a jail with the GUI (I almost got web access)
This is my log from openvpn:
Code:
Tue Sep 18 14:41:56 2018 OpenVPN 2.4.6 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 16 2018
Tue Sep 18 14:41:56 2018 library versions: OpenSSL 1.0.2j-freebsd 26 Sep 2016, LZO 2.10
Tue Sep 18 14:41:56 2018 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Tue Sep 18 14:41:56 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Sep 18 14:41:56 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]77.234.46.18:553
Tue Sep 18 14:41:56 2018 Socket Buffers: R=[42080->42080] S=[9216->9216]
Tue Sep 18 14:41:56 2018 UDP link local: (not bound)
Tue Sep 18 14:41:56 2018 UDP link remote: [AF_INET]77.234.46.18:553
Tue Sep 18 14:41:56 2018 TLS: Initial packet from [AF_INET]77.234.46.18:553, sid=049e8814 bb99ff06
Tue Sep 18 14:41:56 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Sep 18 14:41:56 2018 VERIFY OK: depth=1, C=UK, ST=London, L=London, O=Privax Ltd, OU=HMA Pro VPN, CN=hidemyass.com, emailAddress=info@privax.com
Tue Sep 18 14:41:56 2018 VERIFY OK: nsCertType=SERVER
Tue Sep 18 14:41:56 2018 VERIFY OK: depth=0, C=UK, ST=London, L=London, O=Privax Ltd, OU=HMA Pro VPN, CN=server, emailAddress=info@privax.com
Tue Sep 18 14:41:56 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Sep 18 14:41:56 2018 [server] Peer Connection Initiated with [AF_INET]77.234.46.18:553
Tue Sep 18 14:41:57 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Sep 18 14:41:58 2018 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 100.120.7.1,redirect-gateway def1,ping 9,ping-restart 30,explicit-exit-notify 1,sndbuf 196608,rcvbuf 196608,route-gateway 100.120.7.1,topology subnet,redirect-gateway def1,ifconfig-ipv6 2001:db8:123::2/64 2001:db8:123::1,route-ipv6 2000::/3 2001:db8:123::1,explicit-exit-notify 2,compress,ifconfig 100.120.7.180 255.255.255.0,peer-id 5,cipher AES-256-GCM'
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: timers and/or timeouts modified
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: explicit notify parm(s) modified
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: compression parms modified
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Tue Sep 18 14:41:58 2018 Socket Buffers: R=[42080->196608] S=[9216->196608]
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: --ifconfig/up options modified
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: route options modified
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: route-related options modified
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: peer-id set
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: adjusting link_mtu to 1625
Tue Sep 18 14:41:58 2018 OPTIONS IMPORT: data channel crypto options modified
Tue Sep 18 14:41:58 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Sep 18 14:41:58 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Sep 18 14:41:58 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Sep 18 14:41:58 2018 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=epair0b HWADDR=9e:26:58:3b:cb:1e
Tue Sep 18 14:41:58 2018 GDG6: remote_host_ipv6=n/a
Tue Sep 18 14:41:58 2018 GDG6: problem writing to routing socket
Tue Sep 18 14:41:58 2018 ROUTE6: default_gateway=UNDEF
Tue Sep 18 14:41:58 2018 TUN/TAP device /dev/tun4 opened
Tue Sep 18 14:41:58 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Tue Sep 18 14:41:58 2018 /sbin/ifconfig tun4 100.120.7.180 100.120.7.1 mtu 1500 netmask 255.255.255.0 up
Tue Sep 18 14:41:58 2018 /sbin/route add -net 100.120.7.0 100.120.7.1 255.255.255.0
add net 100.120.7.0: gateway 100.120.7.1
Tue Sep 18 14:41:58 2018 /sbin/ifconfig tun4 inet6 2001:db8:123::2/64
Tue Sep 18 14:41:58 2018 /FreeNAS-Transmission-OpenVPN/scripts/start_transmission.sh tun4 1500 1553 100.120.7.180 255.255.255.0 init
transmission not running? (check /var/run/transmission/daemon.pid).
Starting transmission.
Tue Sep 18 14:41:58 2018 /sbin/route add -net 77.234.46.18 192.168.1.1 255.255.255.255
add net 77.234.46.18: gateway 192.168.1.1
Tue Sep 18 14:41:58 2018 /sbin/route add -net 0.0.0.0 100.120.7.1 128.0.0.0
add net 0.0.0.0: gateway 100.120.7.1
Tue Sep 18 14:41:58 2018 /sbin/route add -net 128.0.0.0 100.120.7.1 128.0.0.0
add net 128.0.0.0: gateway 100.120.7.1
Tue Sep 18 14:41:58 2018 add_route_ipv6(2000::/3 -> 2001:db8:123::1 metric 1) dev tun4
Tue Sep 18 14:41:58 2018 /sbin/route add -inet6 2000::/3 -iface tun4
add net 2000::/3: gateway tun4
Tue Sep 18 14:41:58 2018 Initialization Sequence Completed
Effectively I am connected.
But see what happens when I test my IP:
Code:
truss wget -qO - http://wtfismyip.com/text
...
ioctl(0,TIOCGPGRP,0xffffe08c) = 0 (0x0)
getpgrp() = 53612 (0xd16c)
ioctl(0,TIOCGPGRP,0xffffdf2c) = 0 (0x0)
getpgrp() = 53612 (0xd16c)
socket(PF_INET6,SOCK_STREAM,0) = 3 (0x3)
connect(3,{ AF_INET6 [2607:5300:60:2592::]:80 },28) ERR#60 'Operation timed out'
close(3) = 0 (0x0)
stat("/usr/share/nls/en_US.UTF-8/libc.cat",0x7fffffffdb28) ERR#2 'No such file or directory'
stat("/usr/share/nls/libc/en_US.UTF-8",0x7fffffffdb28) ERR#2 'No such file or directory'
stat("/usr/local/share/nls/en_US.UTF-8/libc.cat",0x7fffffffdb28) ERR#2 'No such file or directory'
stat("/usr/local/share/nls/libc/en_US.UTF-8",0x7fffffffdb28) ERR#2 'No such file or directory'
ioctl(0,TIOCGPGRP,0xffffdf2c) = 0 (0x0)
getpgrp() = 53612 (0xd16c)
ioctl(0,TIOCGPGRP,0xffffdf2c) = 0 (0x0)
getpgrp() = 53612 (0xd16c)
socket(PF_INET,SOCK_STREAM,0) = 3 (0x3)
connect(3,{ AF_INET 198.27.74.146:80 },16) = 0 (0x0)
ioctl(0,TIOCGPGRP,0xffffdf2c) = 0 (0x0)
getpgrp() = 53612 (0xd16c)
select(4,0x0,{ 3 },0x0,{ 900.000000 }) = 1 (0x1)
write(3,"GET /text HTTP/1.1\r\nUser-Agent"...,146) = 146 (0x92)
ioctl(0,TIOCGPGRP,0xffffe0bc) = 0 (0x0)
getpgrp() = 53612 (0xd16c)
select(4,{ 3 },0x0,0x0,{ 900.000000 }) = 1 (0x1)
recvfrom(3,"HTTP/1.1 200 OK\r\nServer: nginx"...,511,0x2,NULL,0x0) = 295 (0x127)
read(3,"HTTP/1.1 200 OK\r\nServer: nginx"...,281) = 281 (0x119)
ioctl(0,TIOCGPGRP,0xffffe0bc) = 0 (0x0)
getpgrp() = 53612 (0xd16c)
stat("-",0x7fffffffe168) ERR#2 'No such file or directory'
openat(AT_FDCWD,"/usr/local/lib/charset.alias",O_NOFOLLOW,00) ERR#2 'No such file or directory'
ioctl(0,TIOCGPGRP,0xffffe0bc) = 0 (0x0)
getpgrp() = 53612 (0xd16c)
select(4,{ 3 },0x0,0x0,{ 900.000000 }) = 1 (0x1)
read(3,"77.234.46.175\n",14) = 14 (0xe)
fstat(1,{ mode=crw--w---- ,inode=135,size=0,blksize=4096 }) = 0 (0x0)
ioctl(1,TIOCGETA,0xffffdde0) = 0 (0x0)
77.234.46.175
...
I get a timeout when it asks for something with IPv6.
I wanted to deactivate IPv6 in a jail, but I didn't find the warden files or a config file to add something like this:
Code:
inet6_enable="NO"
ip6addrctl_enable="NO"
Each time I change these parameters in a jail, when I restart the jail the value is changed to YES...
In the warden file I have only the /etc/rc.freenas file...
Thank you for your help
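
Added example, not part of the original post: a small Python check that reads an OpenVPN client log like the one above, extracts what the server pushed for IPv6 in PUSH_REPLY, and reports whether the tunnel address sits in the 2001:db8::/32 documentation prefix and whether the client logged the GDG6 routing-socket error. The sample lines are copied from the post's log (PUSH_REPLY shortened); the function names and report keys are hypothetical.

```python
import ipaddress
import re

# Lines copied from the log in the post; the PUSH_REPLY is shortened to the
# options this example inspects.
SAMPLE_LOG = """\
Tue Sep 18 14:41:58 2018 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 100.120.7.1,redirect-gateway def1,route-gateway 100.120.7.1,topology subnet,ifconfig-ipv6 2001:db8:123::2/64 2001:db8:123::1,route-ipv6 2000::/3 2001:db8:123::1,ifconfig 100.120.7.180 255.255.255.0,peer-id 5,cipher AES-256-GCM'
Tue Sep 18 14:41:58 2018 GDG6: problem writing to routing socket
Tue Sep 18 14:41:58 2018 ROUTE6: default_gateway=UNDEF
Tue Sep 18 14:41:58 2018 /sbin/route add -inet6 2000::/3 -iface tun4
"""

DOC_PREFIX = ipaddress.ip_network("2001:db8::/32")  # RFC 3849 documentation range
PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")


def parse_push_reply(log_text):
    """Return {option: [argument lists]} for the first PUSH_REPLY in the log."""
    match = PUSH_RE.search(log_text)
    options = {}
    if match:
        for item in match.group(1).split(","):
            parts = item.split()
            if parts:  # skip empty items from stray commas
                options.setdefault(parts[0], []).append(parts[1:])
    return options


def ipv6_report(log_text):
    """Summarise what the server pushed for IPv6 and what the client logged."""
    opts = parse_push_reply(log_text)
    tunnel = None
    if opts.get("ifconfig-ipv6"):
        tunnel = ipaddress.ip_interface(opts["ifconfig-ipv6"][0][0])
    return {
        "tunnel_v6": str(tunnel) if tunnel else None,
        "tunnel_v6_is_documentation": bool(tunnel and tunnel.ip in DOC_PREFIX),
        "v6_routes": [str(ipaddress.ip_network(a[0])) for a in opts.get("route-ipv6", [])],
        "v4_redirect_gateway": "redirect-gateway" in opts,
        "gdg6_error": "GDG6: problem writing to routing socket" in log_text,
    }


if __name__ == "__main__":
    for key, value in ipv6_report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample lines the report shows a pushed 2000::/3 route and a tunnel address inside the documentation prefix, alongside the GDG6 error.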