# Connecting to jails through OpenVPN



## demonicalmonk (Jul 14, 2013)

Hi!

I've got a FreeBSD machine with several jails on it (ezjail). These jails' IP addresses come from the 10.0.2.0/24 subnet, so it's 10.0.2.1 for jail1, 10.0.2.2 for jail2, etc.

Jail IPs are aliased on em0:

```
# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
        ether e0:69:95:63:0f:9e
        inet 91.XXX.XXX.XXX netmask 0xffffff00 broadcast 91.XXX.XXX.255
        inet 178.XXX.XXX.XXX netmask 0xffffffff broadcast 178.XXX.XXX.XXX
        inet 10.0.5.0 netmask 0xffffff00 broadcast 10.0.5.255
        inet 10.0.2.3 netmask 0xffffffff broadcast 10.0.2.3
        inet 10.0.2.1 netmask 0xffffffff broadcast 10.0.2.1
        inet 10.0.2.4 netmask 0xffffffff broadcast 10.0.2.4
        inet 10.0.2.2 netmask 0xffffffff broadcast 10.0.2.2
```

I'm using ipfilter and ipnat, so the jail subnet is mapped to the public IP.

```
map em0 10.0.2.0/24 -> 178.XXX.XXX.XXX/32
```

Now, I set up an OpenVPN service (my server.conf is attached below) on this machine and want to connect to an HTTP server, which is on 10.0.2.3:80. For OpenVPN users, one IP from 10.0.5.0/24 is always assigned.

Currently it's not possible to connect 10.0.2.3:80 using a browser on Windows with the OpenVPN session started (connection timeout), even though pushed routes are valid. What should I do with ipnat (and probably my OpenVPN server config) to make it work?

Greetings,
DM


----------

