# Running OpenVPN in a jail inside the LAN



## dvl@ (Sep 1, 2013)

At present, I'm running OpenVPN on my gateway (FreeBSD 9.1).  I want to move the OpenVPN server to a jail running on a host inside the LAN.

I've managed to get OpenVPN running in that jail, but I see two problems, for which I have no solution.


tun0 is destroyed when OpenVPN restarts. tun0 must be reset from within the jail host.
The route for tun0 must be set, and reset on each OpenVPN restart, in the jail host.

I'm hoping I can find a solution, perhaps using /etc/devfs.rules in the jail host, which will allow this to be done all within the jail.


----------



## junovitch@ (Sep 2, 2013)

I have not found a solution to restarting OpenVPN within the jail. But with these two options in my /usr/local/etc/ezjail/vpn configuration it at least starts it properly.  Restarting the service means I have to restart the whole jail since it drops the IP when the OpenVPN service closes.

```
export jail_vpn_ip_multi0="tun0|10.100.103.1 10.100.103.2 netmask 255.255.255.255"
export jail_vpn_exec_prestart0="/sbin/route add -net 10.100.103.0/24 10.100.103.2"
```


----------



## dvl@ (Sep 3, 2013)

This post on the ezjail mailing list describes one solution to rebuilding tun0: https://elektropost.org/ezjail/msg00982.html


----------



## dvl@ (Sep 3, 2013)

This just in... it might help when OpenVPN restarts: https://elektropost.org/ezjail/msg00982.html

Short answer: http://erdgeist.org/arts/software/jaildaemon/

[Sorry for the duplicate post]


----------



## dvl@ (Oct 18, 2013)

I do plan to get back to this goal in the coming weeks.  I've been distracted...


----------

