My goal is to create an additionnal OpenVPN tunnel to my own OVPN server. I want to share this connection to 2 other containers running. 1 of these container need to also have access to host LAN.
Right now, using OpenVPN in a docker container as part of a docker-compose is very inconvenient in BalenaOS. I didn’t find a good solution to share the tunnel to others services. (I tried the network: service and multiple other solutions… )
However, the host already make use of OpenVPN for supervisor tunnel etc… and I found that by running a new instance of openvpn on the host through ssh (openvpn --config my_client.ovpn), I can successfully create a new tunnel and by using the network=host mode in the compose file, every containers can share this connection.
The my_client.ovpn file is persistent in /etc/openvpn (shared by resin-data I think) but everytime I reboot the computer, the tunnel disappears (obvisously).
I tried to find a way to create a new service to start up this tunnel at start but since system is read-only I can’t…
Is there a possibility to configure a new OVPN connection and make it permanent ? (through systems-connections?)
Otherwise it would be nice to :
- have hostapps made by users that can run on host
- create new services in systemd
- add a openvpn tunnel directly in systems-connections file
If you have another solutions to make this working, I’m all hears !!