Is there a solution to use Foo Over UDP in an unprivileged container?
Using RFC8086 (http://www.rfc-editor.org/rfc/rfc8086.txt), I would like to use Foo over UDP to create a tunnel between my LXD container and a remote server and to encapsulate GRE, or IPIP, in it. I cannot directly use GRE because of NAT (there is one intermediary router doing NAT on which I can only do TCP or UDP port-forwarding), so Foo Over UDP looks like a nice solution.
Yet my issue is that creating the Foo tunnel is rejected in an unprivileged container (here running Debian 10 or Ubuntu 19.04):
ip fou add port 9876 ipproto 47
RTNETLINK answers: Operation not permitted
This works well in a privileged container, but I would like to avoid it being privileged…
Is there any way to do this?
[Edit:] Maybe I should also specify that the container has physical access to the NIC, whereas the host has no IP address on that NIC. It's configured like this:
config:
  bridge.driver: native
  bridge.external_interfaces: enp5s0
  ipv4.address: none
  ipv4.firewall: "true"
  ipv4.nat: "false"
  ipv6.address: none
  ipv6.nat: "false"
description: ""
name: lxdbr0
type: bridge
managed: true
status: Created
used_by: [...]
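Added preflight check, not part of the original question: before running the ip fou command, it inspects whether the calling process actually holds CAP_NET_ADMIN (capability number 12 in <linux/capability.h>) and whether it sits inside a user namespace, which is what an unprivileged LXD container is. It assumes a Linux /proc with the usual CapEff and uid_map files; the sample status and uid_map files used in testing are constructed. Note the caveat built into the output: some netlink operations require the capability in the initial user namespace, so holding CAP_NET_ADMIN inside the container's namespace is necessary but not always sufficient, and the check distinguishes these cases rather than pretending the capability bit alone decides it.

```shell
#!/bin/sh
# Preflight check for the 'ip fou add' step inside a container.
# Added example, not from the original post. Assumes Linux procfs;
# CAP_NET_ADMIN is capability number 12 in <linux/capability.h>.

CAP_NET_ADMIN_BIT=12

# has_cap HEXMASK BITNUM: succeed when bit BITNUM is set in the hex
# capability mask (the format CapEff uses in /proc/<pid>/status).
has_cap() {
    _mask="$1"
    _bit="$2"
    [ $(( (0x$_mask >> $_bit) & 1 )) -eq 1 ]
}

# read_capeff [STATUS_FILE]: print the CapEff mask of a process
# (defaults to the calling process).
read_capeff() {
    awk '/^CapEff:/ { print $2 }' "${1:-/proc/self/status}"
}

# in_user_ns [UID_MAP_FILE]: succeed when uid_map is not the identity map
# of the initial namespace ("0 0 4294967295"), i.e. we are inside a user
# namespace. An unreadable uid_map is treated as "inside a namespace".
in_user_ns() {
    _map="${1:-/proc/self/uid_map}"
    if awk '$1 == 0 && $2 == 0 && $3 == 4294967295 { found = 1 }
            END { exit !found }' "$_map" 2>/dev/null; then
        return 1
    fi
    return 0
}

# fou_preflight [STATUS_FILE] [UID_MAP_FILE]: report whether
# 'ip fou add port 9876 ipproto 47' can reasonably be expected to succeed.
# Returns 0 (capability held in the initial namespace), 1 (capability
# missing) or 2 (capability held only inside a user namespace).
fou_preflight() {
    _capeff=$(read_capeff "$1")
    _capeff=${_capeff:-0}                   # missing CapEff line: treat as empty set
    if ! has_cap "$_capeff" "$CAP_NET_ADMIN_BIT"; then
        echo "CAP_NET_ADMIN missing (CapEff=$_capeff): ip fou add will fail with EPERM"
        return 1
    fi
    if in_user_ns "$2"; then
        echo "CAP_NET_ADMIN held (CapEff=$_capeff), but only inside a user namespace;"
        echo "netlink commands that need the capability in the initial namespace can still be refused"
        return 2
    fi
    echo "CAP_NET_ADMIN held in the initial user namespace (CapEff=$_capeff)"
    return 0
}

# When executed directly, check the current process. The exit status is
# deliberately not propagated so the file can also be sourced as a library.
fou_preflight || :
```

Run it inside the container before the ip fou command; "missing" means the container's own capability set is the problem, while the "user namespace" message means the capability is there but the kernel may still refuse the operation because the container is unprivileged.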