hadr0n (Cadet, joined May 21, 2023, 9 messages)
Hello,
I would need some help configuring a jail to listen on a tun interface (trying for a few full days now, but I'm new to TrueNAS Core and FreeBSD). Here are some details about my setup:
- TrueNAS Core 13.0-I4
- OpenVPN server used through the TrueNAS Core "services", working; I can connect to it from my OpenVPN client and ping the tun interface
- Application jail (for instance Emby, but it does not matter I think)
What I want to do: be able to access my application through OpenVPN, either through NAT (like 10.8.2.1:port) or through a separate IP (10.8.2.31 for example), whatever works.
- I gave up on the NAT solution; it works with the physical interface, but I found no way to "set up" the NAT on the tun interface, and whatever I do it tells me I cannot change the default interface, which is the physical one (found nothing online, seemed like a lost cause). And apparently NAT is not advised to be used with jails.
- So I tried to go back to vnet. I found "allow_tun" in "Custom Properties"; however, even after enabling it, the tun0 interface does not show up in the "vnet_default_interface" list, and when I set it to none and configure some 10.8.2.x IPs it refuses to start the jail.
- I read somewhere that I needed to create a bridge interface on top of the tun interface, but TrueNAS Core refuses to create this bridge (if someone tells me it is indeed the way to go, I will post the error message).
I managed to make it work at some point by linking the jail to the physical interface, then pushing some routes to it in the OpenVPN config, but it seems ugly and might conflict with client local IPs.
Am I missing something obvious?
Thanks for your help