The brig installed with "one button install" Obi

[Wiruz]

Hello . I hope someone can help me with this
I have read the guides and when i create a jail I cant connect internet trow the jail as I get dns error I think below, Also if i start and stop the jail the jls number is jumping up. My jail id is set to 1 but if in stop and start it i get jid2, jid3 and so on.

I found this and this is the only guide ive found that is some what up to date,The rest is from around 2013
http://www.locslikes.com/creating-a-jail-using-thebrig/


This is the error i get

• root@Secure:/ # pkg update && pkg upgrade && pkg install bash xxxxvpn unzip curl
  The package management tool is not yet installed on your system.
  Do you want to fetch and install it now? [y/N]: y
  Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly, please wait...
  pkg: Error fetching http://pkg.FreeBSD.org/FreeBSD:11:amd64 ... st/pkg.txz: Non-recoverable resolver failure
  A pre-built version of pkg could not be found for your system.
  Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'.

I have set the jail ip as 192.168.1.38/24 but I still cannot download the package inside the jail.
Installed
FreeBSD-amd64-11.2-RELEASE-base.txz
FreeBSD-amd64-11.2-RELEASE-lib32.txz

Code: Select all

jexec 5 tcsh
root@jail1:/  # pkg update && pkg upgrade && pkg install bash xxxxvpn unzip curl
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly, please wait...
pkg: Error fetching http://pkg.FreeBSD.org/FreeBSD:11:amd64 ... st/pkg.txz: Non-recoverable resolver failure
A pre-built version of pkg could not be found for your system.
Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'.

I have set the server with Static IP in the network Lan managment tab
192.168.1.103/24
Gateway
192.168.1.1

Why cant i connect internet trow the jail?

I need to get a package installed inside the jail as i run an Embedded version of Xigmanas

11.2.0.4 - Omnius (revision 6026)
Compiled Thu 20 Sep 2018 20:30:08
Platform OS FreeBSD 11.2-RELEASE-p3 #0 r338829M: Thu Sep 20 17:32:35 CEST 2018
Platform x64-embedded on AMD Athlon(tm) X4 845 Quad Core Processor
System MSI A68HI (MS-7969)
System BIOS American Megatrends Inc. Version: V1.2 01/11/2016

[alexey123]

May be FreeBSD pkgsite broken ? Wait few days and repeat


Check your network inside jail

Code: Select all

ping www.google.com

[Wiruz]

May be FreeBSD pkgsite broken ? Wait few days and repeat


Check your network inside jail

Code: Select all

ping www.google.com

Thank you very much for your reply!!

Well i have had this issue for a week soon so i think it could be something i have done wrong maybe?

*Edit* If i ping a site from the jail i get following message

Code: Select all

root@Jail1:/ # ping www.google.se
ping: ssend socket: Operation not permitted

[Wiruz]

Ok so i have been able to install this by choosing tarball version 11.1 and installed following packages
FreeBSD-amd64-11.1-RELEASE-base.txz <--- That package allowed me to install the package i have had problem with
FreeBSD-amd64-11.1-RELEASE-lib32.txz
FreeBSD-amd64-11.1-RELEASE-src.txz

I still cant start Openvpn .the process starts but it closes with errors

Also i got the message that i was missing libdl.so.1 so i copied libdl.so.1 from /usr/lib/ in XigmaNas root and pasted into my jail /usr/lib
Error i get in the Openvpn log file

Code: Select all

Fri Nov  9 17:33:03 2018 WARNING: file '/usr/local/etc/openvpn/ovpn-tls.key' is group or others accessible
Fri Nov  9 17:33:03 2018 WARNING: file '/usr/local/etc/openvpn/credentials' is group or others accessible
Fri Nov  9 17:33:03 2018 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct  2 2018
Fri Nov  9 17:33:03 2018 library versions: OpenSSL 1.0.2k-freebsd  26 Jan 2017, LZO 2.10
Fri Nov  9 17:33:03 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  9 17:33:03 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  9 17:33:03 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xx.xxx:443
Fri Nov  9 17:33:03 2018 Socket Buffers: R=[131072->131072] S=[131072->131072]
Fri Nov  9 17:33:03 2018 Attempting to establish TCP connection with [AF_INET]xx.xxx.xx.xxx1:443 [nonblock]
Fri Nov  9 17:33:04 2018 TCP connection established with [AF_INET]xx.xxx.xx.xxx:443
Fri Nov  9 17:33:04 2018 TCP_CLIENT link local: (not bound)
Fri Nov  9 17:33:04 2018 TCP_CLIENT link remote: [AF_INET]xx.xxx.xx.xxx:443
Fri Nov  9 17:33:04 2018 TLS: Initial packet from [AF_INET]xx.xxx.xx.xxx, sid=a62cba81 518387b0
Fri Nov  9 17:33:04 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Nov  9 17:33:04 2018 VERIFY OK: depth=1, C=xxx, ST=xxxxxxxx, L=xxxxxxxx, OU=xxxx xxxxxxxx xxxx, CN=ovpn.se ca, emailAddress=xxxx@xxxx.com
Fri Nov  9 17:33:04 2018 VERIFY KU OK
Fri Nov  9 17:33:04 2018 Validating certificate extended key usage
Fri Nov  9 17:33:04 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Nov  9 17:33:04 2018 VERIFY EKU OK
Fri Nov  9 17:33:04 2018 VERIFY OK: depth=0, CN=xxxx0.prd.xxxxx.xxxx.com
Fri Nov  9 17:33:04 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri Nov  9 17:33:04 2018 [xxxx0.xxxx.xxxxxx.xxxx.com] Peer Connection Initiated with [AF_INET]xx.xxx.xx.xxx:443
Fri Nov  9 17:33:06 2018 SENT CONTROL [xxxx0.xxx.xxxxx.xxxxx.com]: 'PUSH_REQUEST' (status=1)
Fri Nov  9 17:33:11 2018 SENT CONTROL [xxxx0.xxx.xxxxx.xxxxx.com]: 'PUSH_REQUEST' (status=1)
Fri Nov  9 17:33:11 2018 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.134.0.1,topology subnet,ping 10,ping-restart 60,persist-key,redirect-gateway def1,explicit-exit-notify 2,comp-lzo yes,dhcp-option DNS xx.xxx.xx.xxx,dhcp-option DNS xxx.xxx.x.xxx,ifconfig xx.xxx.xxx.xxx 255.255.0.0,peer-id 0,cipher AES-256-GCM'
Fri Nov  9 17:33:11 2018 OPTIONS IMPORT: timers and/or timeouts modified
Fri Nov  9 17:33:11 2018 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
Fri Nov  9 17:33:11 2018 OPTIONS IMPORT: compression parms modified
Fri Nov  9 17:33:11 2018 OPTIONS IMPORT: --persist options modified
Fri Nov  9 17:33:11 2018 OPTIONS IMPORT: --ifconfig/up options modified
Fri Nov  9 17:33:11 2018 OPTIONS IMPORT: route options modified
Fri Nov  9 17:33:11 2018 OPTIONS IMPORT: route-related options modified
Fri Nov  9 17:33:11 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Nov  9 17:33:11 2018 OPTIONS IMPORT: peer-id set
Fri Nov  9 17:33:11 2018 OPTIONS IMPORT: adjusting link_mtu to 1627
Fri Nov  9 17:33:11 2018 OPTIONS IMPORT: data channel crypto options modified
Fri Nov  9 17:33:11 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Fri Nov  9 17:33:11 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Nov  9 17:33:11 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Nov  9 17:33:11 2018 GDG: problem writing to routing socket
Fri Nov  9 17:33:11 2018 ROUTE: default_gateway=UNDEF
Fri Nov  9 17:33:11 2018 Cannot allocate TUN/TAP dev dynamically
Fri Nov  9 17:33:11 2018 Exiting due to fatal error