From 24d6f4af60db4f7f89b61dd123fe61d8f67874ab Mon Sep 17 00:00:00 2001
From: Aurora Gaffney
Date: Sat, 10 May 2025 08:08:24 -0400
Subject: [PATCH] feat: support for configuring iptables masquerading for NAT
Signed-off-by: Aurora Gaffney
---
 Dockerfile | 2 +-
 bin/entrypoint | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 208a551..73c8adc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@ COPY bin/ /usr/local/bin
 RUN apt-get update \
 && apt-get dist-upgrade -y \
- && apt-get install -y openvpn \
+ && apt-get install -y openvpn iptables \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/* \
 && chmod +x /usr/local/bin/*
diff --git a/bin/entrypoint b/bin/entrypoint
index a47b71b..0be0e32 100644
--- a/bin/entrypoint
+++ b/bin/entrypoint
@@ -1,9 +1,19 @@
 #!/bin/bash
+CONFIG_DIR=/etc/openvpn
+
+ENABLE_NAT=${ENABLE_NAT:-1}
+NAT_SOURCE=${NAT_SOURCE:-10.8.0.0/24}
+NAT_DEVICE=${NAT_DEVICE:-eth0}
+
 # Create device for tun interfaces
 mkdir -p /dev/net
 if [ ! -c /dev/net/tun ]; then
- mknod /dev/net/tun c 10 200
+ mknod /dev/net/tun c 10 200
+fi
+
+if [[ $ENABLE_NAT = 1 ]]; then
+ iptables -t nat -A POSTROUTING -s ${NAT_SOURCE} -o ${NAT_DEVICE} -j MASQUERADE
 fi
-openvpn --config /etc/openvpn/openvpn.conf $@
+exec openvpn --config ${CONFIG_DIR}/openvpn.conf --cd ${CONFIG_DIR} $@
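Review bot: `NAT_SOURCE` and `NAT_DEVICE` come from the environment and are expanded unquoted in the new `iptables` line of bin/entrypoint, so a value containing whitespace is word-split into extra iptables arguments and can change the rule that gets installed; `${CONFIG_DIR}` and `$@` on the `exec openvpn` line are split the same way. Quote them: `iptables -t nat -A POSTROUTING -s "${NAT_SOURCE}" -o "${NAT_DEVICE}" -j MASQUERADE || exit 1` and `exec openvpn --config "${CONFIG_DIR}/openvpn.conf" --cd "${CONFIG_DIR}" "$@"`. The `|| exit 1` matters because the lines shown set no `set -e`: if the rule cannot be added (presumably the case when the container lacks NET_ADMIN), the script still starts openvpn with NAT silently missing, even though `ENABLE_NAT` now defaults to 1. Because the rule is appended with `-A`, a restart that reuses the same network namespace would likely leave duplicate entries; running the same rule with `iptables -t nat -C` first and appending only when that check fails avoids this.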