# Route traffic from jail thru tun0



## Per Nissilä (Apr 8, 2015)

Hi,
I'm using OpenVPN to connect to my VPN provider. I want only traffic from a specific jail to go through the VPN and everything else through my default route. I naively thought I could just set an ip-alias and interface to tun0 through warden. Didn't work 

I haven't found much help on this elsewhere. Any ideas?


----------



## asteriskRoss (Apr 8, 2015)

Welcome to the forums.  What you're looking for is the setfib(2) functionality, which enables you to have multiple routing tables. You can then configure your jail to use a different routing table from your host machine.  There have been a few threads here on the forums about it so it would be worth searching and having a read now that you know what to search for   Post back when you need some more help.


----------



## kpa (Apr 8, 2015)

I'm not sure if it actually works but it should be possible to use route-to directive of pf(4) to re-route traffic originating from the jail to a different gateway than the default. I suspect the jail would have to use an IP address bound to a different NIC for this to work.


----------



## Per Nissilä (Apr 8, 2015)

asteriskRoss said:


> Welcome to the forums.  What you're looking for is the setfib(2) functionality, which enables you to have multiple routing tables. You can then configure your jail to use a different routing table from your host machine.  There have been a few threads here on the forums about it so it would be worth searching and having a read now that you know what to search for   Post back when you need some more help.



I was just playing with FreeNAS and found the VIMAGE setting in the jails. I saw some guide that installed the OpenVPN client in a jail that had VIMAGE enabled. Is VIMAGE considered safe to use? I will probably use FreeNAS on my server when I get it at the end of this month.


----------

