ssh { exec.start = "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown"; exec.clean; mount.devfs; path = "/var/jail/ssh"; host.hostname = "ssh"; vnet; vnet.interface += "em0"; }
It's IPv6 only, so this is key in rc.conf: rtsold_enable="YES"
OpenBSD PF based router does the rest. IPv6 simplifies things here.
PF on FreeBSD isn't the most ideal, sure, but I can limit local access on inet6.
For SSH tunnel, it's straight forward.
ssh { exec.start = "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown"; exec.clean; mount.devfs; path = "/var/jail/ssh"; host.hostname = "ssh"; vnet; vnet.interface += "em0"; }
It's IPv6 only, so this is key in rc.conf: rtsold_enable="YES"
OpenBSD PF based router does the rest. IPv6 simplifies things here.
PF on FreeBSD isn't the most ideal, sure, but I can limit local access on inet6.
For SSH tunnel, it's straight forward.