From 59634eb0e08202298123cf96322ae40ebf59e071 Mon Sep 17 00:00:00 2001
From: maride <maride@darknebu.la>
Date: Sun, 2 Sep 2018 01:38:07 +0200
Subject: Use NAT from VPN network to other networks

---
 Dockerfile     | 4 +++-
 chainloader.sh | 2 +-
 nat.sh         | 3 +++
 server.conf    | 3 +++
 4 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 nat.sh

diff --git a/Dockerfile b/Dockerfile
index 2330bd5..036b2b4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,7 +6,7 @@ WORKDIR /prod
 
 # Install OpenVPN
 RUN apk update
-RUN apk add openvpn
+RUN apk add openvpn iptables
 
 # Copy our chainloader script
 COPY chainloader.sh /prod/chainloader.sh
@@ -15,6 +15,8 @@ RUN chmod +x /prod/chainloader.sh
 # Copy server and client config files
 COPY server.conf /prod/server.conf
 COPY client.conf /prod/client.conf
+COPY nat.sh /prod/nat.sh
+RUN chmod +x /prod/nat.sh
 
 # Copy client config host code and compile it
 COPY host.go /tmp/host.go
diff --git a/chainloader.sh b/chainloader.sh
index d9ec139..8bf5a6f 100644
--- a/chainloader.sh
+++ b/chainloader.sh
@@ -12,5 +12,5 @@ echo "</secret>" >> /tmp/client.conf
 
 ./confhost &
 
-openvpn --config /prod/server.conf
+openvpn --config /prod/server.conf --script-security 2
 
diff --git a/nat.sh b/nat.sh
new file mode 100644
index 0000000..c4a25dd
--- /dev/null
+++ b/nat.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+iptables -t nat -A POSTROUTING -j MASQUERADE
diff --git a/server.conf b/server.conf
index 2acb7cd..b7856e5 100644
--- a/server.conf
+++ b/server.conf
@@ -15,3 +15,6 @@ user jail
 group jail
 cipher AES-256-CBC
 secret /prod/persist/static.key
+
+# Set up nat
+up /prod/nat.sh
-- 
cgit 1.4.1