Using an LXD container as a gateway for other containers

I have a container running an openvpn server I'd like to use as a gateway for other containers. I believe I can use the bridge-utils package to create a bridge that doesn’t attach to a physical interface, specify the tun0 adapter as the gateway and then tell the secured container to use this bridge. Am I getting close?

~$ lxc list
+--------+---------+--------------------------------+------+------------+-----------+
| NAME   |  STATE  |              IPV4              | IPV6 |    TYPE    | SNAPSHOTS |
+--------+---------+--------------------------------+------+------------+-----------+
| secure | RUNNING | 10.100.100.29 (eth0)           |      | PERSISTENT | 1         |
+--------+---------+--------------------------------+------+------------+-----------+
| vpn    | RUNNING | 10.8.0.1 (tun0)                |      | PERSISTENT | 1         |
|        |         | 10.100.100.105 (eth0)          |      |            |           |
+--------+---------+--------------------------------+------+------------+-----------+

I'm having trouble wrapping my head around the /etc/network/interfaces entry to accomplish this. What should the network address for the bridge be?

~$ tail /etc/network/interfaces

    # Bridge for LXC Containers
    #auto br0
    #       iface br0 inet static
    #           address 10.8.0.?  
    #           network 10.8.0.0
    #           netmask 255.255.255.0
    #           broadcast 10.8.0.255
    #           gateway 10.8.0.1  
    #           bridge_ports none

Just read your question. Did you ever solve this (get it to work)?

If so, could you write up a short “how to” for others?

For LXD, are you familiar with creating and using new LXD profiles and bridges using the “lxc” command?

Step 1

Create a new LXD profile to use by copying the “default” to a profile we will call “vpnpr”:

$ lxc profile copy default vpnpr

Step 2

Create a new LXD managed bridge to use; we will call it vpnbr:

$ lxc network create vpnbr

Step 3

Set your default text editor before you do the next steps.

I use “nano”, so the cmd example below sets nano as the default editor for lxc “edit” cmds;
otherwise it defaults to Vi. If you use Vi then you don’t need to do anything.

$ export EDITOR=nano

Step 4

Edit the new LXD bridge’s configuration (vpnbr) that you created

$ lxc network edit vpnbr

Edit the new vpnbr bridge configuration however you like, then save your changes.

Step 5

Edit the new “vpnpr” profile configuration

$ lxc profile edit vpnpr

Change the bridge from the default of “lxdbr0” to your new bridge name “vpnbr”

save your changes

Step 6

Now create a new LXD container and tell LXD to use the “new” profile you created, “vpnpr”, instead of the normal LXD default profile.

The “-p vpnpr” is the cmd line option telling LXD to create the container “newctnr”
using profile vpnpr

$ lxc launch ubuntu:b newctnr -p vpnpr

Verify it worked… and newctnr container has the network you configured

$ lxc list