Looking for some advice here. I have an LXD 3.6 server running at Digital Ocean (Debian 9.5) with a bridge network of 192.168.191.0/24. I am running three Alpine containers, each with specific packages (nginx, etc). My goal is to get a direct connection to this bridge network so I can run some management tools on the containers (phpMyAdmin, etc).
I have looked at setting up OpenVPN and IPSec server code on the Debian-9 server, but that seems awfully complicated for what I need.
Next, I tried “sshuttle” which essentially is a poor-man’s VPN over ssh. I was able to get the connection established, but the bridge network does not appear in the list of valid subnets. A verbose dump of the connection provides this (the real IP is obfuscated with “XXX.YYY.ZZZ.AAA”):
firewall manager: Got subnets: [(2, 32, False, 'XXX.YYY.ZZZ.AAA', 0, 0), (2, 0, False, '0.0.0.0', 0, 0), (2, 32, True, '127.0.0.1', 0, 0), (30, 128, True, '::1', 0, 0)]
A list of the LXD networks:
root@bmyers-dev1:~# lxc network list
+--------+----------+---------+-------------+---------+
| NAME | TYPE | MANAGED | DESCRIPTION | USED BY |
+--------+----------+---------+-------------+---------+
| eth0 | physical | NO | | 0 |
+--------+----------+---------+-------------+---------+
| lxdbr0 | bridge | YES | | 4 |
+--------+----------+---------+-------------+---------+
A list of containers running:
root@bmyers-dev1:~# lxc list
+-------------------+---------+------------------------+-----------------------------------------------+------------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+-------------------+---------+------------------------+-----------------------------------------------+------------+-----------+
| db01 | RUNNING | 192.168.191.11 (eth0) | fd42:... (eth0) | PERSISTENT | |
+-------------------+---------+------------------------+-----------------------------------------------+------------+-----------+
| nginx-proxy | RUNNING | 192.168.191.10 (eth0) | fd42:... (eth0) | PERSISTENT | |
+-------------------+---------+------------------------+-----------------------------------------------+------------+-----------+
| www-server-01 | RUNNING | 192.168.191.101 (eth0) | fd42:... (eth0) | PERSISTENT | |
+-------------------+---------+------------------------+-----------------------------------------------+------------+-----------+
Wondering if anyone has solved this problem before using sshuttle. If not, can you recommend a different tool that is easy to use (aside from ssh with multiple port forwarding statements)?
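
One way to read the "Got subnets" line quoted in the post, as an added example (not part of the original post and not sshuttle's own code). It assumes each tuple is (address family, prefix width, exclude flag, address, first port, last port) and that the most specific matching entry wins; the redacted server address is replaced by a constructed placeholder, 203.0.113.10.

```python
import ast
import ipaddress

# Constructed sample: the log line from the post, with the redacted server
# address replaced by a documentation address (203.0.113.10).
SAMPLE_LOG = (
    "firewall manager: Got subnets: [(2, 32, False, '203.0.113.10', 0, 0), "
    "(2, 0, False, '0.0.0.0', 0, 0), (2, 32, True, '127.0.0.1', 0, 0), "
    "(30, 128, True, '::1', 0, 0)]"
)


def parse_subnets(log_line):
    """Return [(network, excluded)] parsed from a 'Got subnets:' line.

    Assumed field order (not confirmed by the page):
    (family, prefix width, exclude flag, address, first port, last port).
    """
    _, _, literal = log_line.partition("Got subnets:")
    rules = []
    for _family, width, exclude, addr, _fport, _lport in ast.literal_eval(literal.strip()):
        # A width of 0 on 0.0.0.0 becomes 0.0.0.0/0, i.e. every IPv4 address.
        rules.append((ipaddress.ip_network(f"{addr}/{width}", strict=False), exclude))
    return rules


def matching_rule(rules, target):
    """Most specific entry that fully contains target, or None if none does."""
    target = ipaddress.ip_network(target)
    hits = [(net, excluded) for net, excluded in rules
            if net.version == target.version and target.subnet_of(net)]
    return max(hits, key=lambda rule: rule[0].prefixlen) if hits else None


def is_routed(rules, target):
    """True when the best-matching entry is an include, not an exclude."""
    rule = matching_rule(rules, target)
    return rule is not None and not rule[1]


if __name__ == "__main__":
    rules = parse_subnets(SAMPLE_LOG)
    # The LXD bridge, the local loopback, and an IPv6 ULA prefix for contrast.
    for target in ("192.168.191.0/24", "127.0.0.1/32", "fd42::/64"):
        print(target, "->", matching_rule(rules, target), "routed:", is_routed(rules, target))
```

Under those assumptions the bridge range has no entry of its own but falls inside the width-0 entry for 0.0.0.0, while the loopback addresses are excluded and no IPv6 range is included.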