Iptables routing inside container (openvpn) tun interface

I want to set up an OpenVPN gateway for secured internet access in a container.
OpenVPN works (tun device is running).
Clients can connect to OpenVPN (iptables with DNAT on the LXD host) and ping the OpenVPN tun device IP.

Now I am missing some iptables rules inside the container to allow SNAT (internet access) for connected VPN clients.

What steps are necessary to get a VPN gateway running inside the openvpn LXC container (missing iptables??)?

LXD 3.6 is running.

Thanks

iptables should work fine inside a container; the one thing it won’t be able to do is load more modules, as that needs to be done by root outside of the container.

So if you get some specific iptables errors about missing modules/tables, then locate the right module and load it on the host. You can also set those modules through linux.kernel_modules in the container configuration so that LXD will auto-load them when starting the container.

Probably the easiest way is to NAT masquerade the OpenVPN network on egress of the container’s eth0 interface, and then VPN clients should be able to get to the outside world.

Also make sure routing / forwarding is enabled in the container in /etc/sysctl.conf.
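The steps in the reply above (host-side module pinning, forwarding, masquerade on eth0 egress), written out as a script. This is an added example, not code from the thread; it assumes the interface names tun0 and eth0, a VPN subnet of 10.8.0.0/24, and a typical list of NAT module names that you should confirm against the actual iptables error on your kernel. It adds a restrictive FORWARD chain rather than leaving the policy at ACCEPT, so only VPN-to-internet traffic and its replies pass.

```shell
#!/bin/sh
# Added example, not from the thread. Generates the in-container rules:
# forwarding on, MASQUERADE on eth0 egress for the VPN subnet, and a
# FORWARD chain that only allows tun0 -> eth0 plus return traffic.
# Assumed names (adjust to your server.conf): tun0, eth0, 10.8.0.0/24.
set -eu

TUN_IF="${TUN_IF:-tun0}"
WAN_IF="${WAN_IF:-eth0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"

# Print the rule set instead of running it, so it can be reviewed first.
# Persist ip_forward in /etc/sysctl.conf separately; sysctl -w is not permanent.
vpn_gateway_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE
iptables -P FORWARD DROP
iptables -A FORWARD -i $WAN_IF -o $TUN_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $TUN_IF -o $WAN_IF -s $VPN_NET -j ACCEPT
EOF
}

# Host side: pin the modules iptables needs, since the container cannot load
# them itself. Module names are an assumption (typical for NAT on recent
# kernels); confirm from the "missing module/table" error text before pinning.
host_modules_cmd() {
  ct="$1"
  echo "lxc config set $ct linux.kernel_modules nf_conntrack,nf_nat,iptable_nat,iptable_filter,xt_MASQUERADE,xt_conntrack"
}

# Apply inside the container (needs root there).
apply_vpn_gateway() {
  [ "$(id -u)" -eq 0 ] || { echo "run as root inside the container" >&2; return 1; }
  vpn_gateway_rules | sh -e
}

case "${1:-}" in
  apply) apply_vpn_gateway ;;
  host)  host_modules_cmd "${2:-openvpn}" ;;
  *)     vpn_gateway_rules ;;
esac
```

Run `sh gateway.sh host <container>` on the LXD host before starting the container, then `sh gateway.sh apply` inside it; with no argument it only prints the rules.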

OpenVPN runs and works fine now (dual-stack tunnel).
I did not know iptables works inside a container like it does on the host.
