From 59634eb0e08202298123cf96322ae40ebf59e071 Mon Sep 17 00:00:00 2001 From: maride Date: Sun, 2 Sep 2018 01:38:07 +0200 Subject: Use NAT from VPN network to other networks --- Dockerfile | 4 +++- chainloader.sh | 2 +- nat.sh | 3 +++ server.conf | 3 +++ 4 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 nat.sh diff --git a/Dockerfile b/Dockerfile index 2330bd5..036b2b4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ WORKDIR /prod # Install OpenVPN RUN apk update -RUN apk add openvpn +RUN apk add openvpn iptables # Copy our chainloader script COPY chainloader.sh /prod/chainloader.sh @@ -15,6 +15,8 @@ RUN chmod +x /prod/chainloader.sh # Copy server and client config files COPY server.conf /prod/server.conf COPY client.conf /prod/client.conf +COPY nat.sh /prod/nat.sh +RUN chmod +x /prod/nat.sh # Copy client config host code and compile it COPY host.go /tmp/host.go diff --git a/chainloader.sh b/chainloader.sh index d9ec139..8bf5a6f 100644 --- a/chainloader.sh +++ b/chainloader.sh @@ -12,5 +12,5 @@ echo "" >> /tmp/client.conf ./confhost & -openvpn --config /prod/server.conf +openvpn --config /prod/server.conf --script-security 2 diff --git a/nat.sh b/nat.sh new file mode 100644 index 0000000..c4a25dd --- /dev/null +++ b/nat.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +iptables -t nat -A POSTROUTING -j MASQUERADE diff --git a/server.conf b/server.conf index 2acb7cd..b7856e5 100644 --- a/server.conf +++ b/server.conf @@ -15,3 +15,6 @@ user jail group jail cipher AES-256-CBC secret /prod/persist/static.key + +# Set up nat +up /prod/nat.sh -- cgit 1.4.1