[oi-dev] OpenVPN in a local zone

Jonathan Adams t12nslookup at gmail.com
Mon Jan 21 09:33:08 UTC 2019


root@moysalsrv:~# zonecfg -z vpnzone info
zonename: vpnzone
zonepath: /zones/vpnzone
brand: ipkg
autoboot: true
bootargs:
pool:
limitpriv: default
scheduling-class:
ip-type: exclusive
hostid:
fs-allowed:
net:
    address not specified
    allowed-address not specified
    physical: vpninternal0
    defrouter not specified
net:
    address not specified
    allowed-address not specified
    physical: vpnvnic0
    defrouter not specified
device:
    match: /dev/lockstat
device:
    match: /dev/tun*

...

This is for a "client" rather than for a "server", but hopefully this will
give you some mileage.

Jon

On Mon, 21 Jan 2019 at 08:30, Jonathan Adams <t12nslookup at gmail.com> wrote:

> I know in the past that I had to pass through specific dev interfaces.
> I'll take a look when I get to work, as I think we still have one box set
> up that way.
> Jon
>
> On Mon, 21 Jan 2019 07:46 Alexander Pyhalov via oi-dev <
> oi-dev at openindiana.org wrote:
>
>> Hi.
>> I suppose some of the privileges mentioned in
>> /lib/svc/manifest/network/openvpn.xml are not available in the zone (look at
>> the method_credential section).
>>
>> Best regards,
>> Alexander Pyhalov,
>> programmer, Telecommunications Infrastructure Department,
>> Office of Information and Communication Infrastructure, Southern Federal University
>>
>>
>> ________________________________________
>> From: Sven Schmeling <sven.schmeling at schmeling-ol.de>
>> Sent: 18 January 2019 23:36:17
>> To: OpenIndiana Developer mailing
>> Subject: [oi-dev] OpenVPN in a local zone
>>
>> Hello,
>>
>> I have installed OpenVPN in a local zone.
>>
>> Starting the service with "svcadm enable svc:/network/openvpn:default"
>> (or rebooting the zone) ends in the maintenance mode:
>>
>> # svcs openvpn
>> STATE          STIME    FMRI
>> maintenance    19:46:37 svc:/network/openvpn:default
>>
>> cat /var/svc/log/network-openvpn:default.log
>>
>> [ Jan 18 19:46:37 Enabled. ]
>> [ Jan 18 19:46:37 Executing start method ("/usr/sbin/openvpn --daemon
>> openvpn --config '/etc/openvpn/openvpn.conf'"). ]
>> [ Jan 18 19:46:37 svc.startd could not set context for method:  ]
>> setppriv: Not owner
>> [ Jan 18 19:46:37 Method "start" exited with status 96. ]
>>
>> Hints to add "limitpriv="default,priv_net_rawaccess" to the zone config
>> were made but don't change the behavior.
>>
>> Starting openvpn with "/usr/sbin/openvpn --verb 9 --config
>> '/etc/openvpn/openvpn.conf'" on the command line works fine and
>> connections are possible.
>>
>>
>> Any hints about the "setppriv" error?
>>
>> --------------
>>
>> pkg info openvpn
>> Name: network/openvpn
>> Summary: OpenVPN is a full-featured open source SSL VPN solution
>> Category: Applications/Internet
>> State: Installed
>> Publisher: openindiana.org
>> Version: 2.4.3
>> Branch: 2018.0.0.1
>> Packaging Date: Sun Feb 11 13:19:38 2018
>> Size: 1.19 MB
>> FMRI:
>> pkg://openindiana.org/network/openvpn@2.4.3-2018.0.0.1:20180211T131938Z
>> Project URL: http://openvpn.net
>> Source URL:
>> http://swupdate.openvpn.org/community/releases/openvpn-2.4.3.tar.xz
>>
>> --------------
>>
>> Thanks
>>
>> Sven Schmeling
>>
>>
>> - --
>> Sven Schmeling, Oldenburg, Germany
>> mailto:sven.schmeling at schmeling-ol.de
>>
>
>
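
An added example, not part of the thread or of OpenIndiana's tooling: a shell check for the situation Alexander describes, listing privileges that a manifest's method_credential requests but that are absent from the zone's privilege set. The manifest fragment and privilege list in demo are constructed, the function names are made up for this example, and it assumes a POSIX awk and that the zone's list was saved from `ppriv -l zone`.

```shell
# Added example, not from the thread: list privileges that an SMF
# method_credential requests but the zone's privilege set does not contain.
# Print the privileges= attribute of each <method_credential> in manifest $1.
# limit_privileges= is skipped because it is not preceded by whitespace.
manifest_privs() {
    tr '\n' ' ' < "$1" | tr '>' '\n' | grep '<method_credential' |
        sed -n "s/.*[[:space:]]privileges=[\"']\([^\"']*\)[\"'].*/\1/p"
}

# $1: manifest; $2: file with the zone's privileges (saved `ppriv -l zone`).
# Prints each missing privilege once; returns 1 if any are missing.
missing_privs() {
    manifest_privs "$1" | awk -v zonefile="$2" '
        # Compare case-insensitively, ignoring an optional priv_ prefix.
        function norm(s) { s = tolower(s); sub(/^priv_/, "", s); return s }
        BEGIN {
            FS = "[ \t,]+"
            while ((getline line < zonefile) > 0) {
                n = split(line, f, FS)
                for (i = 1; i <= n; i++) if (f[i] != "") have[norm(f[i])] = 1
            }
        }
        {
            for (i = 1; i <= NF; i++) {
                p = norm($i)
                if (p == "" || p ~ /^[!-]/) continue          # removals
                if (p ~ /^(basic|all|none|zone)$/) continue   # set names
                if (!(p in have) && !(p in seen)) { seen[p] = bad = 1; print p }
            }
        }
        END { exit bad + 0 }'
}

# Constructed sample input; not the real OpenVPN manifest or a real zone.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/sample.xml" <<'EOF'
<method_context>
  <method_credential user='root' group='root' limit_privileges=':default'
      privileges='basic,net_privaddr,sys_net_config,PRIV_NET_RAWACCESS,dtrace_kernel'/>
</method_context>
EOF
    printf '%s\n' net_privaddr net_rawaccess sys_mount > "$d/zone.privs"
    missing_privs "$d/sample.xml" "$d/zone.privs" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "privileges listed above are missing from the zone set"
```

Inside the zone, pass /lib/svc/manifest/network/openvpn.xml and the saved privilege list to missing_privs instead of the sample files.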