I need to understand how to make two docker containers work with a scenario like this:
There is a branch office with a router and a client. The network is 192.168.190.0/24 and the addresses are 1 and 57.
There is somewhere else a VM facing on the internet with public IP X.Y.Z.K and the docker environment installed on top.
Inside there are two containers. The first one is a web server facing only on a private network with address 192.168.80.2. The other container has connection on the private network with address 192.168.80.44 and exposes its 1194 port on the other network interface to the public IP.
I need to be able to make 192.168.190.57 open the pages on 192.168.80.2.
The VPN part works fine (the router connects and is pingable from the client) and I don't need help on that.
By default if you define a network internal: true it means that some iptables rules will be enacted to block all the containers on the lan segment from getting out of it.
At the beginning I thought it was just the route from, let's say, 192.168.80.2 to 192.168.80.1 (the ip assigned to the host machine for that lan segment) and then to the internet. Reading carefully all the iptables rules I found that the forwarding is also disabled.
Removing the internal: true allowed the container to route through the VPN as expected at the cost of allowing the web server to access directly the public internet.
If you look closely to the scheme in the image you could see that the docker container for the VPN is a server, not a client. I don’t think that image would work for me.