Routing LXC host traffic through LXC VPN containers

Date: 2020-11-06 09:14:53

Tags: openvpn lxc lxd

I work remotely from home on a laptop. My network administrator gave me two .ovpn files: work-live.ovpn to connect to the LIVE environment and work-uat.ovpn to connect to the UAT environment. The LIVE and UAT environments are two isolated networks.

I created two LXC containers on my laptop:

  1. work-live - uses work-live.ovpn
  2. work-uat - uses work-uat.ovpn

I want to use both LXC containers as gateways so that I don't have to keep switching VPN connections back and forth.

My goals are:

  1. Any connection from the laptop to the 10.19.0.0/16 range should be routed through work-uat
  2. Any connection from the laptop to the 10.29.0.0/16 range should be routed through work-live

Below is my laptop and LXC configuration:

  • lxc profile show default
config: {}
description: Default LXD profile
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
used_by:
- /1.0/instances/work-live
- /1.0/instances/work-uat
  • lxc network show lxdbr0
config:
  ipv4.address: 10.49.104.1/24
  ipv4.nat: "true"
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/instances/work-live
- /1.0/instances/work-uat
- /1.0/profiles/default
managed: true
status: Created
locations:
- none
  • lxc config show work-live
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Ubuntu focal amd64 (20201101_07:42)
  image.os: Ubuntu
  image.release: focal
  image.serial: "20201101_07:42"
  image.type: squashfs
  image.variant: default
  raw.lxc: lxc.cgroup.devices.allow = c 10:200 rwm
  volatile.base_image: 58388757af6f53baefbc294f8c5ed6f4f3b9b41673e12acfc6b440718ae551d9
  volatile.eth0.host_name: vethc1a43d6e
  volatile.eth0.hwaddr: 00:16:3e:f0:f4:f6
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.power: RUNNING
devices:
  tun:
    path: /dev/net/tun
    type: unix-char
ephemeral: false
profiles:
- default
stateful: false
description: ""
  • lxc config show work-uat
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Ubuntu focal amd64 (20201101_07:42)
  image.os: Ubuntu
  image.release: focal
  image.serial: "20201101_07:42"
  image.type: squashfs
  image.variant: default
  raw.lxc: lxc.cgroup.devices.allow = c 10:200 rwm
  volatile.base_image: 58388757af6f53baefbc294f8c5ed6f4f3b9b41673e12acfc6b440718ae551d9
  volatile.eth0.host_name: veth4d7742df
  volatile.eth0.hwaddr: 00:16:3e:c0:89:07
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.power: RUNNING
devices:
  tun:
    path: /dev/net/tun
    type: unix-char
ephemeral: false
profiles:
- default
stateful: false
description: ""
  • lxc ls
+-----------+---------+----------------------+------------+-----------+
|   NAME    |  STATE  |         IPV4         |    TYPE    | SNAPSHOTS |
+-----------+---------+----------------------+------------+-----------+
| work-live | RUNNING | 10.49.104.67 (eth0)  |  CONTAINER | 0         |
|           |         | 10.29.37.3 (tun0)    |            |           |
+-----------+---------+----------------------+------------+-----------+
| work-uat  | RUNNING | 10.19.7.3 (tap0)     |  CONTAINER | 0         |
|           |         | 10.49.104.180 (eth0) |            |           |
+-----------+---------+----------------------+------------+-----------+
  • lxc network ls
+--------+----------+---------+----------------+-------------+---------+
|  NAME  |   TYPE   | MANAGED |      IPV4      | DESCRIPTION | USED BY |
+--------+----------+---------+----------------+-------------+---------+
| eno1   | physical | NO      |                |             | 0       |
+--------+----------+---------+----------------+-------------+---------+
| lxdbr0 | bridge   | YES     | 10.49.104.1/24 |             | 3       |
+--------+----------+---------+----------------+-------------+---------+
| wlo1   | physical | NO      |                |             | 0       |
+--------+----------+---------+----------------+-------------+---------+
  • host: ip route
default via 192.168.1.1 dev wlo1 proto dhcp metric 600 
10.49.104.0/24 dev lxdbr0 proto kernel scope link src 10.49.104.1 
10.29.0.0/16 via 10.49.104.67 dev lxdbr0 
169.254.0.0/16 dev wlo1 scope link metric 1000 
192.168.1.0/24 dev wlo1 proto kernel scope link src 192.168.1.23 metric 600 
  • work-uat: ip route
default via 10.49.104.1 dev eth0 proto dhcp src 10.49.104.180 metric 100 
10.19.7.0/24 dev tap0 proto kernel scope link src 10.19.7.3 
10.19.8.0/24 via 10.19.7.1 dev tap0 
10.49.104.0/24 dev eth0 proto kernel scope link src 10.49.104.180 
10.49.104.1    dev eth0 proto dhcp   scope link src 10.49.104.180 metric 100 
  • work-live: ip route
default via 10.49.104.1 dev eth0 proto dhcp src 10.49.104.67 metric 100 
10.49.104.0/24 dev eth0 proto kernel scope link src 10.49.104.67 
10.49.104.1    dev eth0 proto dhcp   scope link src 10.49.104.67 metric 100 
10.29.0.0/16  via 10.29.37.1 dev tun0 
10.29.37.0/24 dev tun0 proto kernel scope link src 10.29.37.3 

0 answers:

No answers yet