From owner-freebsd-questions@FreeBSD.ORG Sun Dec 4 00:42:41 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3A62B1065670 for ; Sun, 4 Dec 2011 00:42:41 +0000 (UTC) (envelope-from aimass@yabarana.com) Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com [209.85.210.182]) by mx1.freebsd.org (Postfix) with ESMTP id 12B238FC15 for ; Sun, 4 Dec 2011 00:42:39 +0000 (UTC) Received: by iafi7 with SMTP id i7so1291633iaf.13 for ; Sat, 03 Dec 2011 16:42:39 -0800 (PST) MIME-Version: 1.0 Received: by 10.50.181.202 with SMTP id dy10mr2422059igc.14.1322959359529; Sat, 03 Dec 2011 16:42:39 -0800 (PST) Received: by 10.231.184.149 with HTTP; Sat, 3 Dec 2011 16:42:39 -0800 (PST) Date: Sat, 3 Dec 2011 19:42:39 -0500 Message-ID: From: Alejandro Imass To: FreeBSD Questions Content-Type: text/plain; charset=ISO-8859-1 Subject: IPSec in Jail X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Dec 2011 00:42:41 -0000 Hello, I was following a thread in FBSD Spanish talking about the use of IPSec in Jails and there was no conclusion to the matter. I have a client that wants to run a VPN which requires IPSec and he is running on some jails we provide them. We can provide them with a public IP for the jail but I'm not sure if this will work. I understand from the thread that recompiling the kernel with VIMAGE enabled should allow the use of IPSec in the jails but apparently until 8.0 this was experimental. This particular server uses 8.2 so I would like to know if anyone here has done this and how stable it is? Would enabling VIMAGE for the base kernel compromise the system and other clients running on other jails in the same server? Thanks beforehand for any valuable comments! -- Alejandro Imass