As there is no real progress in my piano sessions due to the lack of time and blah, I just have another nice topic which cost me a couple of hours that I want you to spend more efficiently. But there will definitely be a piano contest soon, I promise, so please stay patient.
Migrating your OpenVPN server to run within a jail on FreeBSD
You might have recognized that I am moving services from an old and long-used Linux host to clients that are more suitable today.
So I did with my running OpenVPN server, which should stay OpenVPN and will be replaced by Cisco IPsec/VPN later on; so look out for another post then 😉
First I wanted to put the OpenVPN server into a jail, which I use a lot to keep the system clean and operational for each of the services:
[root@zolga:~] jls
   JID  IP Address      Hostname                      Path
     1  10.2.0.2        xterm                         /usr/jails/xterm
     2  10.2.0.50       tor                           /usr/jails/tor
     3  10.2.0.154      syslog                        /usr/jails/syslog
     4  10.2.0.33       sql                           /usr/jails/sql
     5  10.2.0.137      nethack                       /usr/jails/nethack
     6  10.2.0.25       mail.mynet.lc                 /usr/jails/mail
     7  10.2.0.81       web.mynet.lc                  /usr/jails/http
     8  10.2.0.80       erl                           /usr/jails/erl
     9  10.2.0.52       ejabber.myspot.at             /usr/jails/ejabber
    10  10.2.0.10       dns.mynet.lc                  /usr/jails/dns
    11  10.2.0.11       dhcp                          /usr/jails/dhcp
    29  10.2.0.194      openvpn                       /usr/jails/openvpn
[root@zolga:~]
On the setup of the new server there was not a single issue to solve: just install the server, take your old configuration files and keys with you and everything will be fine. So. I. thought.
But one of the features of a jail is that it cannot do what it wants with the host it is sitting on, and so the first run of the server failed when it tried to dynamically create the tunnel interface which is needed to set up the site-2-site connection.
This is prohibited by default, so this step has to be done manually once, but there is a good howto in the FreeBSD forums.
The OpenVPN configuration file itself is not the topic of this post, because there are several ways to set up a VPN connection. All you have to take care of in this step is to use the same interface (“dev tun0” or “dev tap0”) in your /usr/local/etc/openvpn/server.conf as you created before.
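A quick way to verify that last point before starting the server, as an added example that is not part of the original post: the script compares the "dev" line of an OpenVPN config with the interfaces that already exist. The function names are made up for this example, and it assumes you run it on the host after creating the interface, passing the path of the jail's server.conf as the argument.

```shell
#!/bin/sh
# Added example: pre-flight check for an OpenVPN server that runs in a jail
# and therefore cannot create its own tunnel interface.

# Print the device named by the last "dev" directive found in the config.
# Commented-out lines ("#dev ..." / ";dev ...") and dev-type/dev-node are ignored.
conf_dev() {
    awk '$1 == "dev" { d = $2 } END { if (d != "") print d }' "$1"
}

# check_dev CONFIG "IFACE1 IFACE2 ..."
# Returns 0 if the configured device is in the list, 1 if it is missing,
# 2 if the name is unnumbered (OpenVPN would pick a device dynamically),
# 3 if the config has no dev directive at all.
check_dev() {
    dev=$(conf_dev "$1")
    [ -n "$dev" ] || { echo "no dev directive in $1"; return 3; }
    case "$dev" in
        *[0-9]) ;;
        *) echo "'$dev' has no unit number: use the exact name you created"
           return 2 ;;
    esac
    for i in $2; do
        [ "$i" = "$dev" ] && { echo "ok: $dev exists"; return 0; }
    done
    echo "$dev is not present: create it on the host first"
    return 1
}

if [ $# -gt 0 ]; then
    # Real run on the FreeBSD host: ifconfig -l lists all interface names.
    check_dev "$1" "$(ifconfig -l)"
else
    # Constructed sample: a config that names tun0, and a host that has it.
    tmp=$(mktemp)
    printf '# constructed sample\nproto udp\ndev tun0\n' > "$tmp"
    check_dev "$tmp" "lo0 tun0" || true
    rm -f "$tmp"
fi
```

A non-zero exit status means the server would fail in the way described above, because the interface named in the config does not exist yet.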