Routing certain iocages through openvpn iocage

[Yaguznal]

Hello everyone,

I think the subject is pretty self explanatory.
Ideally, I'd love to have one iocage connected to my vpn and route access to the internet for multiple other iocages through that, while maintaining access to cages from the lan.

How do I go about it?

I am currently running 11.1u6 and went full iocage for my jails.

 

[Yaguznal]

I found this post where @Alan Kelly used jails instead of iocages to do this. Maybe I am doing it wrong because when I use the vpn cage as gateway for another cage, the other cage has no internet access at all but it can ping the vpn jail from the other jail.

https://forums.freenas.org/index.php?threads/openvpn-client-jail.48473/#post-391083

 

[Yaguznal]

It works when you have gateway_enable="YES" in the rc.conf of the host iocage and use the ip of the host iocage as gateway for the client iocages. The only thing that does not work is the routing for the traffic.
Is it possible to route all incoming traffic from a certain ip range trough the tun interface? I am by no means an ipfw expert and the rules used in the post I linked above do not work.

 

[dlavigne]

Were you able to resolve this?

 

[Yaguznal]

No I didn't. It needs those IPFW rules to nat everything. I have tried everything I could imagine but that's not a lot since I just started figuring them out. It did cost me 2 days with just more questions than answers. I was hoping someone with more experience would help me out.