How to bridge specific interface with LXD?

Is it possible to create an LXD network bridge that will only bridge one interface? I would like to start openvpn on the host (this will create tun0 interface), then start the container and all network requests are sent through the host’s tun0 interface. If openvpn dies, all networking on the guest dies (because it’s being bridged and if tun0 dies, it’s not possible for the guest to make network requests).

I tried lxc network create lxdtun0 bridge.external_interfaces=tun0 and lxc network create lxdtun0 tunnel.lan.protocol=vxlan tunnel.lan.interface=tun0, both of which will send network requests to the host’s other interfaces if tun0 goes away.

Your best bet is an unconfigured LXD bridge as you’d get with:

lxc network create lxdtun0 ipv4.address=none ipv6.address=none

Containers connected to this will not get an IP or any kind of connectivity.

You can then set up an “up” script in your openvpn config to automatically bridge your VPN into the lxdtun0 bridge when it comes up. Note that for that kind of layer2 bridging, you’re probably better off using openvpn in tap mode.

With such a configuration, the host wouldn’t have an IP or route on the VPN, it would be pure L2 bridging over the VPN when it’s online. If the VPN goes down, it’d be the same as having unplugged a physical cable. Containers would still be able to communicate amongst themselves but wouldn’t see anything else.
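
One way to write the “up” script described in the answer above, as an added example that is not part of the original posts. It assumes OpenVPN runs in tap mode; the script path, the BRIDGE and IP variables and the function names are this example's own choices, and flushing addresses from the tap device is an added step to keep the host without an IP on the VPN.

```shell
#!/bin/sh
# Added example: OpenVPN "up" hook that enslaves the VPN tap device to the
# unconfigured LXD bridge. Assumed client config (script path is hypothetical):
#   dev tap
#   script-security 2
#   up /etc/openvpn/lxdtun0-up.sh
# OpenVPN passes the device name as the first argument to the up script.

BRIDGE="${BRIDGE:-lxdtun0}"   # bridge created with `lxc network create` above
IP="${IP:-ip}"                # overridable so the logic can be dry-run

# Accept only conservative interface names (1-15 chars, no leading dash,
# restricted charset) so nothing unexpected reaches the ip command line.
valid_ifname() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Attach device $1 to bridge $2 and leave the host without an address on it:
# the host acts as a pure L2 switch between the VPN and the containers.
attach_to_bridge() {
    valid_ifname "$1" || { echo "bad device name: $1" >&2; return 2; }
    valid_ifname "$2" || { echo "bad bridge name: $2" >&2; return 2; }
    "$IP" addr flush dev "$1" &&
    "$IP" link set dev "$1" master "$2" &&
    "$IP" link set dev "$1" up
}

# Only act when invoked with a device argument, as OpenVPN does.
if [ -n "${1:-}" ]; then
    attach_to_bridge "$1" "$BRIDGE" || exit 1
fi
```

Running it by hand with `IP=echo` and a device name prints the three `ip` commands instead of executing them.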