# OpenVPN and jails



## dvl@ (Oct 21, 2013)

I'm starting to run jails on remote servers. Each servers is also running OpenVPN on tun0.  I'm wondering if I could have additional IP addresses on tun0 and hand them out, one to a jail. That would give me easy access for admin (e.g. nagios, bacula).

Ideas?


----------



## dvl@ (Oct 22, 2013)

Last night I was toying with the idea of adding an extra IP address to each jail, then creating a tunnel from the jail to the VPN... I don't know if that is feasible.


----------



## Zare (Oct 22, 2013)

It is, just search forums for "openvpn jail" and pick up relevant bits.


----------



## dvl@ (Nov 19, 2013)

I've searched.  I've failed to pick up any relevant bits.  I suspect it's the failure to know which bits are relevant and which are not.

Each of my servers on the internet calls home to the OpenVPN server.  They each get assigned a static IP address in the 10.8.1.0/24 range.

This is the OpenVPN connection on the server:


```
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::203:6dff:fe1e:59b0%tun0 prefixlen 64 scopeid 0xb
        inet 10.8.1.75 --> 10.8.1.76 netmask 0xffffffff
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 3334
```

On those servers, the jails get assigned public IP addresses.  I know how to add additional IP addresses to a jail.  Since I'm using ezjail, I can make this entry in /usr/local/etc/ezjail/mailjail:


```
export jail_mailjail_org_ip="61.90.182.122,10.8.1.77"
```

Am I headed down the right track?


----------



## dvl@ (Dec 24, 2013)

Done.  And documented: http://dan.langille.org/2013/12/23/acce ... r-openvpn/


----------

