gluetun
Help: Docker Container as Gateway (Router) for other LAN-Devices
Host OS (approximate answer is fine too): Enigma2
Is this urgent?: No
What VPN provider are you using: NordVPN
What is the version of the program (See the line at the top of your logs)
0b8ea544ff14 linux/amd64
What's the problem 🤔 I would like to connect devices without a proxy to the VPN via the container. Can the container act as a kind of router here by entering the IP address of the Docker host as the gateway? Or is that not technically possible?
What are you using to run your container?: Docker Compose
Please also share your configuration file:
```yaml
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    network_mode: bridge
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8001:8000/tcp # Built-in HTTP control server
    # command:
    volumes:
      - /root/gluetun:/gluetun
    secrets:
      - openvpn_user
      - openvpn_password
    environment:
      # More variables are available, see the readme table
      - VPNSP=nordvpn
      - SERVER_NUMBER=400,401,402,403,405,406,407,408
      # Timezone for accurate logs times
      - TZ=Europe/Berlin
      - FIREWALL_OUTBOUND_SUBNETS=192.168.2.0/24,10.4.4.0/24,10.4.3.0/24
    restart: always

secrets:
  openvpn_user:
    file: ./openvpn_user
  openvpn_password:
    file: ./openvpn_password
```
I think @Frepke mentioned that to me months ago, but haven't had the time to search. I think it's possible using some Docker networking & routing gymnastics on your host, but didn't try it out yet. If you find how to please comment back with your results! Otherwise, I'll get to the issue sometime 😉
Hi, I need the same. Did you manage @AlexanderSch90 or @Frepke or @qdm12 to figure out how to do it? If not, could someone tell me how to do it?
Not for my part. I'd tend to think it requires quite a bit of firewall and routing config on the host, and that doesn't motivate me to explore that route to be honest. What I like with my image is that minimal config is required and the host is left untouched. But let us know if you find a way, I could still add it to the Wiki and some advanced users might be interested 😉
Hi all,
I'm looking for this same feature. I've been able to set this up with another container before. Below is a working example.
```sh
sysctl -w net.ipv4.ip_forward=1
docker run --net=eth1macvlan -it --ip=192.168.7.13 --cap-add=NET_ADMIN --device /dev/net/tun --name="vpn" -d -v /vpndata:/vpn dperson/openvpn-client
docker exec "vpn" iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
docker exec "vpn" iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
docker exec "vpn" iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
```
I tried replicating the iptables which are (after the above commands) in gluetun's container. It didn't work, however. I'm not sure if this is a firewall issue (I also disabled the firewall completely), but it seems to be impossible to use gluetun as a gateway.
Am I missing something here?
PS. Same-ish discussion here with a possible workaround: https://github.com/qdm12/gluetun/discussions/738
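A check for a gateway set up as in the post above, as an added example that is not part of the original post or of gluetun: it reads `iptables-save` output and reports whether forwarded LAN traffic could leave through any interface other than the tunnel, for instance when `tun0` goes down. The function names and the sample ruleset are constructed for illustration; `eth0` and `tun0` are taken from the commands above.

```sh
#!/bin/sh
# Added example: audit iptables-save output from a VPN gateway container.
# Assumed interface names, taken from the commands above: eth0 = LAN, tun0 = tunnel.

# audit_gateway [lan_if] [tun_if]   (reads iptables-save text on stdin)
# Exit status 0 = forwarded LAN traffic can only leave through the tunnel.
audit_gateway() {
    awk -v lan="${1:-eth0}" -v tun="${2:-tun0}" '
    # Interface given to option "name" on this rule: "" if absent, "!if" if negated.
    function opt(name,   k) {
        for (k = 1; k < NF; k++)
            if ($k == name) return ($(k-1) == "!" ? "!" : "") $(k+1)
        return ""
    }
    /^\*/ { table = substr($0, 2); next }
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "nat" && $2 == "POSTROUTING" && /-j MASQUERADE/ && opt("-o") == tun { masq = 1 }
    table == "filter" && $2 == "FORWARD" && /-j ACCEPT/ {
        i = opt("-i"); o = opt("-o")
        # LAN ingress accepted without the egress pinned to the tunnel.
        if ((i == lan || i == "") && o != tun) { print "LEAK: " $0; bad = 1 }
    }
    END {
        if (!masq) { print "MISSING: no MASQUERADE on " tun; bad = 1 }
        if (policy != "DROP") {
            print "LEAK: FORWARD policy is " policy ", unmatched packets are forwarded"
            bad = 1
        }
        if (!bad) print "OK: LAN traffic is only forwarded through " tun
        exit bad + 0
    }'
}

# Constructed sample ruleset; $1 sets the FORWARD chain policy.
sample_rules() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
*filter
:FORWARD $1 [0:0]
-A FORWARD -i eth0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_rules ACCEPT | audit_gateway
sample_rules DROP | audit_gateway
```

Against a running container the input would come from `docker exec vpn iptables-save`. With a FORWARD policy of ACCEPT, explicit ACCEPT rules restrict nothing, so the policy is what decides whether client traffic is dropped or forwarded when the tunnel is unavailable.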
@RobHofmann awesome, your last command for the forward table should be safe. I'll incorporate it in gluetun with an environment variable and document this in the wiki. Stay tuned for some testing!
PS. Same-ish discussion here with a possible workaround: #738
Is this still working for you? Would you mind sharing a small tutorial how to set this up?