通过lxc vpn容器路由lxc主机流量

如何解决通过lxc vpn容器路由lxc主机流量

我正在使用笔记本电脑在家中远程工作。我的网络管理员为我提供了2个.opvn文件，work-live.ovpn用于连接到LIVE环境，而work-uat.ovpn用于连接到UAT环境。 LIVE＆UAT环境是两个隔离的网络。

我在笔记本中创建了2个LXC容器：

1. 实时工作-使用work-live.ovpn
2. work-uat-使用work-uat.ovpn

我想将两个LXC容器都用作网关，这样我就不必一直来回切换vpn连接。

我的目标是：

1. 从笔记本电脑到10.19.0.0/16网段的任何连接都应通过work-uat路由
2. 从笔记本电脑到10.29.0.0/16网段的任何连接都应通过在线工作进行路由

下面是我的笔记本和LXC配置：

• lxc个人资料显示默认

config: {}
description: Default LXD profile
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
used_by:
- /1.0/instances/work-live
- /1.0/instances/work-uat

• lxc网络节目lxdbr0

config:
  ipv4.address: 10.49.104.1/24
  ipv4.nat: "true"
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/instances/work-live
- /1.0/instances/work-uat
- /1.0/profiles/default
managed: true
status: Created
locations:
- none

• lxc配置显示实时运行

architecture: x86_64
config:
  image.architecture: amd64
  image.description: Ubuntu focal amd64 (20201101_07:42)
  image.os: Ubuntu
  image.release: focal
  image.serial: "20201101_07:42"
  image.type: squashfs
  image.variant: default
  raw.lxc: lxc.cgroup.devices.allow = c 10:200 rwm
  volatile.base_image: 58388757af6f53baefbc294f8c5ed6f4f3b9b41673e12acfc6b440718ae551d9
  volatile.eth0.host_name: vethc1a43d6e
  volatile.eth0.hwaddr: 00:16:3e:f0:f4:f6
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Maprange":1000000000}]'
  volatile.last_state.power: RUNNING
devices:
  tun:
    path: /dev/net/tun
    type: unix-char
ephemeral: false
profiles:
- default
stateful: false
description: ""

• lxc配置显示工作状态

architecture: x86_64
config:
  image.architecture: amd64
  image.description: Ubuntu focal amd64 (20201101_07:42)
  image.os: Ubuntu
  image.release: focal
  image.serial: "20201101_07:42"
  image.type: squashfs
  image.variant: default
  raw.lxc: lxc.cgroup.devices.allow = c 10:200 rwm
  volatile.base_image: 58388757af6f53baefbc294f8c5ed6f4f3b9b41673e12acfc6b440718ae551d9
  volatile.eth0.host_name: veth4d7742df
  volatile.eth0.hwaddr: 00:16:3e:c0:89:07
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Maprange":1000000000}]'
  volatile.last_state.power: RUNNING
devices:
  tun:
    path: /dev/net/tun
    type: unix-char
ephemeral: false
profiles:
- default
stateful: false
description: ""

• lxc ls

+-----------+---------+----------------------+------------+-----------+
|   NAME    |  STATE  |         IPV4         |    TYPE    | SNAPSHOTS |
+-----------+---------+----------------------+------------+-----------+
| work-live | RUNNING | 10.49.104.67 (eth0)  |  CONTAINER | 0         |
|           |         | 10.29.37.3 (tun0)    |            |           |
+-----------+---------+----------------------+------------+-----------+
| work-uat  | RUNNING | 10.19.7.3 (tap0)     |  CONTAINER | 0         |
|           |         | 10.49.104.180 (eth0) |            |           |
+-----------+---------+----------------------+------------+-----------+

• lxc网络ls

+--------+----------+---------+----------------+-------------+---------+
|  NAME  |   TYPE   | MANAGED |      IPV4      | DESCRIPTION | USED BY |
+--------+----------+---------+----------------+-------------+---------+
| eno1   | physical | NO      |                |             | 0       |
+--------+----------+---------+----------------+-------------+---------+
| lxdbr0 | bridge   | YES     | 10.49.104.1/24 |             | 3       |
+--------+----------+---------+----------------+-------------+---------+
| wlo1   | physical | NO      |                |             | 0       |
+--------+----------+---------+----------------+-------------+---------+

• 主机：ip路由

default via 192.168.1.1 dev wlo1 proto dhcp metric 600 
10.49.104.0/24 dev lxdbr0 proto kernel scope link src 10.49.104.1 
10.29.0.0/16 via 10.49.104.67 dev lxdbr0 
169.254.0.0/16 dev wlo1 scope link metric 1000 
192.168.1.0/24 dev wlo1 proto kernel scope link src 192.168.1.23 metric 600 

• work-uat：IP路由

default via 10.49.104.1 dev eth0 proto dhcp src 10.49.104.180 metric 100 
10.19.7.0/24 dev tap0 proto kernel scope link src 10.19.7.3 
10.19.8.0/24 via 10.19.7.1 dev tap0 
10.49.104.0/24 dev eth0 proto kernel scope link src 10.49.104.180 
10.49.104.1    dev eth0 proto dhcp   scope link src 10.49.104.180 metric 100 

• 工作在线：ip路由

default via 10.49.104.1 dev eth0 proto dhcp src 10.49.104.67 metric 100 
10.49.104.0/24 dev eth0 proto kernel scope link src 10.49.104.67 
10.49.104.1    dev eth0 proto dhcp   scope link src 10.49.104.67 metric 100 
10.29.0.0/16  via 10.29.37.1 dev tun0 
10.29.37.0/24 dev tun0 proto kernel scope link src 10.29.37.3 

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 dio@foxmail.com 举报，一经查实，本站将立刻删除。