authormaride <maride@darknebu.la>2018-09-02 01:38:07 +0200
committermaride <maride@darknebu.la>2018-09-02 01:38:07 +0200
commit59634eb0e08202298123cf96322ae40ebf59e071 (patch)
treee4bfd5a709bc35f03d6293f201a10cec4585e353
parent9c167802cc9b9a72fb6b3d773e9ce10edcf434c4 (diff)
Use NAT from VPN network to other networks
-rw-r--r--Dockerfile4
-rw-r--r--chainloader.sh2
-rw-r--r--nat.sh3
-rw-r--r--server.conf3
4 files changed, 10 insertions, 2 deletions
diff --git a/Dockerfile b/Dockerfile
index 2330bd5..036b2b4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,7 +6,7 @@ WORKDIR /prod
 
 # Install OpenVPN
 RUN apk update
-RUN apk add openvpn
+RUN apk add openvpn iptables
 
 # Copy our chainloader script
 COPY chainloader.sh /prod/chainloader.sh
@@ -15,6 +15,8 @@ RUN chmod +x /prod/chainloader.sh
 # Copy server and client config files
 COPY server.conf /prod/server.conf
 COPY client.conf /prod/client.conf
+COPY nat.sh /prod/nat.sh
+RUN chmod +x /prod/nat.sh
 
 # Copy client config host code and compile it
 COPY host.go /tmp/host.go
diff --git a/chainloader.sh b/chainloader.sh
index d9ec139..8bf5a6f 100644
--- a/chainloader.sh
+++ b/chainloader.sh
@@ -12,5 +12,5 @@ echo "</secret>" >> /tmp/client.conf
 
 ./confhost &
 
-openvpn --config /prod/server.conf
+openvpn --config /prod/server.conf --script-security 2
 
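Review bot: `--script-security 2` is passed only on the command line in chainloader.sh, while the `up /prod/nat.sh` directive that needs it is added to server.conf, so starting openvpn with that config by any other path depends on remembering the flag. Putting `script-security 2` in server.conf next to the `up` line keeps the requirement and its reason in one place. Wherever it ends up, a comment such as `# level 2 is needed so openvpn may run the up script /prod/nat.sh` would record why the level was raised.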
diff --git a/nat.sh b/nat.sh
new file mode 100644
index 0000000..c4a25dd
--- /dev/null
+++ b/nat.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+iptables -t nat -A POSTROUTING -j MASQUERADE
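Review bot: The MASQUERADE rule in nat.sh has no source or outgoing-interface match, so it rewrites every packet leaving the container on any interface, not only traffic arriving from the VPN peers. Restricting it to the tunnel subnet and the egress interface, e.g. `iptables -t nat -A POSTROUTING -s <VPN_SUBNET> -o <EGRESS_IF> -j MASQUERADE` (placeholders; neither value is visible in this diff), keeps the NAT scope to what the commit title describes. The rule is appended with `-A` every time the `up` hook fires, so an openvpn restart in the same network namespace would add a duplicate; `iptables -t nat -C ... || iptables -t nat -A ...` guards against that. The commit adds no FORWARD-chain rules, so which networks VPN peers can reach presumably rests on the default forward policy, which is worth stating in a comment in the script.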
diff --git a/server.conf b/server.conf
index 2acb7cd..b7856e5 100644
--- a/server.conf
+++ b/server.conf
@@ -15,3 +15,6 @@ user jail
 group jail
 cipher AES-256-CBC
 secret /prod/persist/static.key
+
+# Set up nat
+up /prod/nat.sh
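Review bot: The `up` hook added at the end of server.conf runs before openvpn applies `user jail` / `group jail`, i.e. with the privileges openvpn was started with, which is what allows nat.sh to call iptables. That deserves a comment above the directive, e.g. `# runs before the drop to user/group jail; /prod/nat.sh must stay root-owned and not writable by jail`. The Dockerfile section of this commit only sets `chmod +x` on the script, so its ownership relies on the COPY default; confirm that no earlier USER instruction outside the visible hunks changes it.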