[OpenIndiana-discuss] OpenVPN inside a Zone

Jim Klimov jimklimov at cos.ru
Sun Sep 17 21:48:33 UTC 2017


On September 17, 2017 10:17:04 PM GMT+02:00, "Till Wegmüller" <toasterson at gmail.com> wrote:
>Hello Everyone
>
>I am trying to install openvpn into a zone. However I am getting stuck.
>
>I am getting a setpriv error when launching via SMF.
>I have the priv part of the openindiana.README inside the manifest (it
>was there from installation).
>
>If I launch OpenVPN via console (no daemon) it runs until "TCPv4_SERVER READ [448] from [AF_INET]$CLIENTIP: P_DATA_V2 kid=0 DATA len=447" after that it segfaults and dumps core.
>
>pstack core says
>
>core 'core' of 9356:    /usr/sbin/openvpn --config /etc/openvpn/openvpn.conf
> 00000000 ???????? (81791e4, 80467f0, c, 1)
> febc4a3a aesni_gcm_init_key (817cde0, 0, 80467f0, 0) + da
> febc0491 EVP_CipherInit_ex (817cde0, 0, 0, 0, 80467f0, ffffffff) + 151
> 08071409 cipher_ctx_reset (817cde0, 80467f0, 8, 8066edb) + 19
> 0806ad62 openvpn_decrypt_aead (a06, 0, 0, 8160648, 814e034, 814d960) + 232
> 0806c4c5 openvpn_decrypt (814db44, a06, 0, 0, 8160648, 814e034) + 75
> 080752be process_incoming_link_part1 (814d30c, 813ca90, 0, 8162690) + 1be
> 0809a22a multi_process_incoming_link (80469ec, 814d188, 9, 8072ca7, 8, 8046a64) + aa
> 08092972 multi_tcp_action (0, 80472ec, 8146ac0, 404, 8046f88, fefd2482) + 532
> 08092fad tunnel_server_tcp (8047454, 8047454, 80fd440, 0, 805c173, fed3a28a) + 3ed
> 0809dcd1 openvpn_main (feffb0a8) + 1f1
> 0809df8b main     (8047dec, fef5f2c8, 8047e28, 8064e23, 3, 8047e34) + 1b
> 08064e23 _start   (3, 8047ef0, 8047f02, 8047f0b, 0, 8047f25) + 83
>
>Does anybody have an idea what the setpriv error could be?
>Has anybody a working OpenVPN Server in a zone?
>
>Thanks in advance for any help
>Greetings
>Till
>
>_______________________________________________
>openindiana-discuss mailing list
>openindiana-discuss at openindiana.org
>https://openindiana.org/mailman/listinfo/openindiana-discuss

Yes, our router lives in a zone nicely.

IIRC there are privs to set for the zone itself, so it is permitted to manipulate the network, and pass the tun/tap device nodes.

Jim
--
Typos courtesy of K-9 Mail on my Android


