Hi All, with an openvpn client on the host (tun0 = 10.8.1.10, em0 = 192.168.1.10) that redirects traffic to the VPN server (10.8.1.1), for some jails, I would like the following:
- jails can reach out to the internet (ex: pkg install)
- jails are reachable from the local network (can expose services)
- attach jails to em0 with a 192.168.1.0/24 address
- add a pf rule to NAT traffic from jails on tun0
I was initially expecting it to work without the NAT rule. But I understand that jail routing is by default the same as on the host. So the default outgoing traffic, for jails and host, is going through the VPN. The issue is that when it comes back it goes to the host.
If that helps, for some other jails, I additionally want: 3. jails are reachable via the VPN, which I solve by adding pf RDR rules for traffic on tun0 to specific ports to be redirected to specific jails.
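
The NAT and RDR rules described in the post, written out as a pf.conf fragment. This is an added example, not the poster's configuration: the interface names and the 192.168.1.0/24 network come from the post, while the jail addresses and the forwarded port are constructed placeholders.

```pf
# Added example (not the poster's pf.conf).
# em0 / tun0 are from the post; jail addresses and ports are assumed.
ext_if    = "em0"
vpn_if    = "tun0"
nat_jails = "{ 192.168.1.21 }"   # jails that go out through the VPN (assumed address)
vpn_jail  = "192.168.1.22"       # jail exposed to VPN peers (assumed address)

# Translation rules must come before filter rules in pf.conf.

# Jail traffic leaving via tun0 gets tun0's address as its source.
# Replies are then addressed to the tunnel address, and pf's state
# entry maps them back to the originating jail.
nat on $vpn_if inet from $nat_jails to any -> ($vpn_if)

# Connections arriving on tun0 for one specific port are redirected
# to one specific jail (port numbers are assumed).
rdr on $vpn_if inet proto tcp from any to ($vpn_if) port 8080 -> $vpn_jail port 80
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -s nat` lists the translation rules that are active.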