feat: support for configuring iptables masquerading for NAT (#2)

Signed-off-by: Aurora Gaffney <aurora@blinklabs.io>

Author: agaffney

Dockerfile

@@ -4,7 +4,7 @@ COPY bin/ /usr/local/bin
 
 RUN apt-get update \
  && apt-get dist-upgrade -y \
- && apt-get install -y openvpn \
+ && apt-get install -y openvpn iptables \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/* \
  && chmod +x /usr/local/bin/*

bin/entrypoint

@@ -1,9 +1,19 @@
 #!/bin/bash
 
+CONFIG_DIR=/etc/openvpn
+
+ENABLE_NAT=${ENABLE_NAT:-1}
+NAT_SOURCE=${NAT_SOURCE:-10.8.0.0/24}
+NAT_DEVICE=${NAT_DEVICE:-eth0}
+
 # Create device for tun interfaces
 mkdir -p /dev/net
 if [ ! -c /dev/net/tun ]; then
-    mknod /dev/net/tun c 10 200
+	mknod /dev/net/tun c 10 200
+fi
+
+if [[ $ENABLE_NAT = 1 ]]; then
+	iptables -t nat -A POSTROUTING -s ${NAT_SOURCE} -o ${NAT_DEVICE} -j MASQUERADE
 fi
 
-openvpn --config /etc/openvpn/openvpn.conf $@
+exec openvpn --config ${CONFIG_DIR}/openvpn.conf --cd ${CONFIG_DIR} $@