Imagine a firewall where all the external interfaces are
confined in a jail which has no IP-connectivity to the
rest of the machine.
Start OpenVPN outside the jail, have it set up a two-way pipe
and fork a child process, which attaches to the jail and performs
all public-side socket operations inside the jail, passing
only the raw encrypted packets over the pipe.
Tada: Nothing in the jail can be hacked...
Only problem is: OpenVPN doesn't know this trick.
But how hard could that be?
Somebody[tm] should do that...
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
p...@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
_______________________________________________
freebsd-...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-securi...@freebsd.org"
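The process split the post sketches, as an added example written here and not code from the post or from OpenVPN. The trusted parent keeps the pipe end; a forked worker is the only process holding the public-side socket, and before it opens anything it runs a confinement step that on FreeBSD is `jail_attach(2)` (the jail id is a placeholder; the stand-alone demo passes 0 and stays unconfined, since attaching needs root and a running jail). Everything else is assumption for the demo: two `AF_UNIX` `SOCK_SEQPACKET` socketpairs stand in for the parent/worker pipe and for the UDP socket, the parent plays the remote VPN peer on the far end of the second pair, and the "ciphertext" frames are constructed bytes. The worker copies records between the two descriptors without looking at them, so nothing it handles is plaintext, and the tun device and key material never enter its address space.

```c
/* Privilege-separated network worker in the shape the post describes.
 * Parent = trusted side (tun device, crypto). Child = network worker that,
 * on FreeBSD, attaches to a jail and is the only process touching the
 * public-side socket. Frames cross a two-way SOCK_SEQPACKET pipe untouched.
 * Added example, not OpenVPN code; jail id and transport are stand-ins. */
#include <sys/socket.h>
#include <sys/wait.h>
#include <poll.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#ifdef __FreeBSD__
#include <sys/param.h>
#include <sys/jail.h>
#endif

#define MAX_FRAME 2048

/* Confinement step run in the worker before it opens any socket.
 * On FreeBSD with jid > 0 this is jail_attach(2) (needs root and an
 * existing jail); elsewhere, and in the demo (jid == 0), it is a no-op. */
static int confine(int jid)
{
#ifdef __FreeBSD__
    if (jid > 0)
        return jail_attach(jid);
#endif
    (void)jid;
    return 0;
}

/* Copy one record from 'from' to 'to'. Returns 0 on EOF, -1 on error, 1 otherwise. */
static int relay_one(int from, int to)
{
    unsigned char buf[MAX_FRAME];
    ssize_t n = recv(from, buf, sizeof buf, 0);
    if (n <= 0)
        return n == 0 ? 0 : -1;
    return send(to, buf, (size_t)n, 0) == n ? 1 : -1;
}

/* Worker loop: whatever arrives on the pipe goes to the network fd and vice
 * versa. The worker never inspects the bytes, so nothing it handles is
 * plaintext. Exits when either side closes. */
static void network_worker(int pipefd, int netfd)
{
    struct pollfd pfd[2] = { { pipefd, POLLIN, 0 }, { netfd, POLLIN, 0 } };
    for (;;) {
        if (poll(pfd, 2, -1) < 0)
            return;
        if ((pfd[0].revents & (POLLIN | POLLHUP)) && relay_one(pipefd, netfd) <= 0)
            return;
        if ((pfd[1].revents & (POLLIN | POLLHUP)) && relay_one(netfd, pipefd) <= 0)
            return;
    }
}

/* Stand-alone demo. 'pipefds' is the parent<->worker channel; 'netfds'
 * replaces the public UDP socket, with its far end held by the parent as a
 * stand-in for the remote VPN peer (constructed test setup, not how a
 * deployment would look). Returns 1 if a frame from the trusted side reaches
 * the "peer" intact and the peer's reply comes back through the worker. */
static int run_demo(void)
{
    int pipefds[2], netfds[2];
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, pipefds) < 0 ||
        socketpair(AF_UNIX, SOCK_SEQPACKET, 0, netfds) < 0)
        return 0;
    pid_t pid = fork();
    if (pid < 0)
        return 0;
    if (pid == 0) {
        /* worker: drop the ends it must never hold, confine, then serve */
        close(pipefds[0]);
        close(netfds[1]);
        if (confine(0) != 0)
            _exit(1);
        network_worker(pipefds[1], netfds[0]);
        _exit(0);
    }
    close(pipefds[1]);
    close(netfds[0]);

    /* trusted side pushes an opaque frame (constructed bytes, not real ciphertext) */
    const unsigned char frame[] = { 0x17, 0x03, 0x03, 0x00, 0x04, 0xde, 0xad, 0xbe, 0xef };
    const unsigned char reply[] = { 0x17, 0x03, 0x03, 0x00, 0x02, 0xca, 0xfe };
    unsigned char out[MAX_FRAME], back[MAX_FRAME];
    int ok = 0;
    if (send(pipefds[0], frame, sizeof frame, 0) == (ssize_t)sizeof frame) {
        /* "remote peer" sees exactly the bytes the worker put on the wire ... */
        ssize_t n = recv(netfds[1], out, sizeof out, 0);
        if (n == (ssize_t)sizeof frame && memcmp(out, frame, (size_t)n) == 0 &&
            send(netfds[1], reply, sizeof reply, 0) == (ssize_t)sizeof reply) {
            /* ... and its reply travels back through the worker to the trusted side */
            n = recv(pipefds[0], back, sizeof back, 0);
            ok = (n == (ssize_t)sizeof reply && memcmp(back, reply, (size_t)n) == 0);
        }
    }
    close(pipefds[0]);
    close(netfds[1]);          /* EOF on both descriptors makes the worker exit */
    waitpid(pid, NULL, 0);
    return ok;
}

int main(void)
{
    printf("relay %s\n", run_demo() ? "ok" : "FAILED");
    return 0;
}
```

The worker uses `recv`/`send` on its network descriptor rather than `recvfrom`/`sendto`, so the same loop serves a UDP socket that has been `connect(2)`ed to the peer; that detail, and the jail id, are what a real version would fill in, and the trusted side would read from and write to the tun device instead of the demo's fixed frames.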