Wouldn't I still have to configure a network proxy on the vpn client container or some routing tables on the application container? By 'rkt pod' do you mean run the containers using 'rkt run'?
On Friday, 8 July 2016 12:55:27 UTC-4, Seán McCord wrote:
>
> That sounds very reasonable. I would lead you, in that case, toward using a rkt pod, so that the vpn client and the user of the VPN can run as separate containers within the same network namespace, which should make management of those containers simpler.
>
> On Fri, Jul 8, 2016 at 11:46 AM Derek Mahar <[email protected]> wrote:
>
>> On second thought, it should be easier simply to bundle the application that must communicate with the VPN and vpnc in the same container. It will be nice to isolate the VPN client inside the container of the only application that must communicate over the VPN instead of running the VPN client in the host.
>>
>> On Friday, 8 July 2016 11:41:01 UTC-4, Derek Mahar wrote:
>>>
>>> I managed to run vpnc in a privileged Docker container. Now I need to figure out how to configure the container network so that one of the application containers uses the VPN container as a gateway to the VPN.
>>>
>>> On Friday, 8 July 2016 09:29:33 UTC-4, Derek Mahar wrote:
>>>>
>>>> On Thursday, 7 July 2016 18:51:53 UTC-4, Nick Owens wrote:
>>>>>
>>>>> On 07/07/2016 03:26 PM, Derek Mahar wrote:
>>>>> > How could I build and run vpnc <https://www.unix-ag.uni-kl.de/~massar/vpnc/> on CoreOS? Could I build it on Ubuntu and then install the binary on CoreOS?
>>>>>
>>>>> is there any reason you can't run it in a rkt or docker container?
>>>>
>>>> I've tried running it in a container, but couldn't get it to start, probably because I didn't run it as a privileged container, as Sean McCord suggested. Assuming that I can run it inside its own container, I'd then have to figure out how to configure the container network so that the application containers use the VPN container as a VPN gateway. I have only basic experience with Linux networking, so I'd have to do some research in order to solve this problem.
>>>>
>>>>> if you really cannot, then the binary should be statically linked. dynamically linked binaries from other systems either will not work because of missing libraries, or will potentially crash at runtime due to ABI problems, so it's not a very good idea.
>>>>
>>>> Yes, this is what I thought, too. However, according to Sean, it seems that the vpnc binary uses only libraries which are present in CoreOS, so it should run even without static linking.
>>>>
>>>> Derek
>
> --
> Seán C McCord
> CyCore Systems, Inc
> +1 888 240 0308
> PGP/GPG: http://cycoresys.com/scm.asc
