
Tun interface doesn't survive jail restart

NasKar

Neophyte Sage
Joined
Jan 8, 2016
Messages
670
I'm using FN 11.3 and I've noticed that if I restart my jail
Code:
iocage restart transmission
the tun interface doesn't survive a restart of the jail. I have to run
Code:
ifconfig tun create
in the jail to create the tun interface.

This may be part of the same problem, but if you create a jail from scratch
Code:
iocage create -n "transmission2" -p /tmp/pkg.json -r 11.3-RELEASE ip4_addr="vnet0|192.168.5.79/24" defaultrouter="192.168.5.1" vnet="on" allow_raw_sockets="1" boot="on" allow_tun="1"
then do an ifconfig in the jail there is no tun interface.
 

Basil Hendroff

Neophyte Sage
Joined
Jan 4, 2014
Messages
1,243
If you haven't already done so, to allow jails to access tun devices, include the following pre-init task and reboot the server to allow the rule to take effect.

Code:
devfs rule -s 4 add path 'tun*' unhide


By default, FreeNAS 11.3 limits the devices jails can access in the host system. More details here.
 

NasKar

Neophyte Sage
Joined
Jan 8, 2016
Messages
670
If you haven't already done so, to allow jails to access tun devices, include the following pre-init task and reboot the server to allow the rule to take effect.
Good point but I've already done that. Thanks for the link, could you explain further? allow_tun="1" isn't enough in the iocage create command to create the tun in the jail?
 

Basil Hendroff

Neophyte Sage
Joined
Jan 4, 2014
Messages
1,243
@Pentaflake has a good handle on this. Refer to his post here.

From my limited understanding, allow_tun allows the jail to create tun devices. To protect the host system from jails, devices in the host now have to be explicitly exposed to jails that need access to them. This is done through rules in the host.
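
Added example, not part of the thread or of FreeNAS/iocage: a host-side check of the two settings discussed above, the jail's allow_tun property and a devfs rule in ruleset 4 that unhides tun*. The function names and the sample ruleset text are assumptions made for illustration; the sample is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example; sample data below is constructed, not captured from a real host.

# Constructed ruleset text in the shape printed by `devfs rule -s 4 show`.
SAMPLE_RULES="100 include 1
200 include 2
300 include 3
400 path zfs unhide
500 path tun* unhide"

# device_visibility DEVICE < ruleset-text
# Prints hide, unhide or unknown for DEVICE. Rules apply in order, so the last
# matching "path <glob> hide|unhide" line wins. "include" lines are not
# followed (assumption: only the rules listed in the text are evaluated).
device_visibility() {
    state=unknown
    while read -r num kw glob action rest || [ -n "$num" ]; do
        [ "$kw" = path ] || continue
        glob=$(printf '%s' "$glob" | tr -d "'\"")   # tolerate quoted globs
        case $1 in
            $glob) case $action in hide|unhide) state=$action ;; esac ;;
        esac
    done
    echo "$state"
}

# tun_gates ALLOW_TUN_VALUE RULESET_TEXT
# Reports which of the two settings, if any, still blocks tun devices.
tun_gates() {
    vis=$(printf '%s\n' "$2" | device_visibility tun0)
    if [ "$1" != 1 ]; then
        echo "blocked: allow_tun is off"
    elif [ "$vis" != unhide ]; then
        echo "blocked: devfs ruleset does not unhide tun*"
    else
        echo "ok"
    fi
}

# Live use on the host (jail name taken from the thread):
#   tun_gates "$(iocage get allow_tun transmission)" "$(devfs rule -s 4 show)"
```

An "ok" result only means both settings are in place; it does not create the tun interface inside the jail.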
 