That sounds very reasonable.  I would lead you, in that case, toward using
a rkt pod, so that the vpn client and the user of the VPN can run as
separate containers within the same network namespace, which should make
management of those containers simpler.



On Fri, Jul 8, 2016 at 11:46 AM Derek Mahar <[email protected]> wrote:

> On second thought, it should be easier simply to bundle the application
> that must communicate with the VPN and vpnc in the same container.  It will
> be nice to isolate the VPN client inside the container of the only application
> that must communicate over the VPN instead of running the VPN client in the
> host.
>
>
> On Friday, 8 July 2016 11:41:01 UTC-4, Derek Mahar wrote:
>>
>> I managed to run vpnc in a privileged Docker container.  Now I need to
>> figure out how to configure the container network so that one of the
>> application containers uses the VPN container as a gateway to the VPN.
>>
>> On Friday, 8 July 2016 09:29:33 UTC-4, Derek Mahar wrote:
>>>
>>> On Thursday, 7 July 2016 18:51:53 UTC-4, Nick Owens wrote:
>>>>
>>>> On 07/07/2016 03:26 PM, Derek Mahar wrote:
>>>> > How could I build and run vpnc <https://www.unix-ag.uni-kl.de/~massar/vpnc/> on
>>>> > CoreOS?  Could I build it on Ubuntu and then install the binary on CoreOS?
>>>>
>>>> is there any reason you can't run it in a rkt or docker container?
>>>>
>>>
>>> I've tried running it in a container, but couldn't get it to start,
>>> probably because I didn't run it as a privileged container, as Sean McCord
>>> suggested.  Assuming that I can run it inside its own container, I'd then
>>> have to figure out how to configure the container network so that the
>>> application containers use the VPN container as a VPN gateway.  I have only
>>> basic experience with Linux networking, so I'd have to do some research in
>>> order to solve this problem.
>>>
>>>
>>>
>>>>
>>>> if you really cannot, then the binary should be statically linked.
>>>> dynamically linked binaries from other systems either will not work
>>>> because of missing libraries, or will potentially crash at runtime due
>>>> to ABI problems, so it's not a very good idea.
>>>>
>>>
>>> Yes, this is what I thought, too.  However, according to Sean, it seems
>>> that the vpnc binary uses only libraries which are present in CoreOS, so it
>>> should run even without static linking.
>>>
>>> Derek
>>>
>> --
Seán C McCord
CyCore Systems, Inc
+1 888 240 0308
PGP/GPG: http://cycoresys.com/scm.asc
