This tutorial will show how to create a LXD container that has an “eth0” interface address on the MAIN LAN and a “eth1” interface address on a VLAN. I presented a video showing how to create a “VPN Gateway for your LAN” where we built a VM that connects to NordVPN. I have a follow-on video which takes that VPN server and shows how it can be used to create a “VLAN VPN Gateway as a Service”.
Although this guide can stand alone, the two videos mentioned above are designed to complete this use case.
-
Log into your QNAP or LXD host and list profiles:
lxc profile list -
“ip route show” to find the name of your interface.
-
Copy the “default” profile to a profile we will call “dual-vlan”:
lxc profile copy default dual-vlan -
Edit the new profile:
lxc profile edit dual-vlan -
Press “i” for insert mode and delete the contents of the file.
-
Copy the following contents into the file:
config:
user.network-config: |
version: 1
config:
- type: physical
name: eth0
subnets:
- type: dhcp
ipv4: true
- type: physical
name: eth1
subnets:
- type: dhcp
ipv4: true
description: Dual NIC Profile
devices:
eth0:
name: eth0
nictype: bridged
parent: qvs1
type: nic
eth1:
name: eth1
nictype: macvlan
parent: qvs1
type: nic
vlan: "200"
root:
path: /
pool: default
type: disk
name: dual-vlan
Change the instances of “qvs1” above to be the name of your interface. Be sure that the switch port that the interface is connected to has profile “all” set so that “eth1” can connect to the VLAN. Change your vlan number to your vlan number which must exist before this procedure.
Save the file above with an ESC “:wq” in order to write the file and quit the editor.
Create the LXD Container with your two NICs:
lxc launch ubuntu:20.04 NordVPN-Desktop --profile dual-vlan -c security.privileged=true -c limits.memory=2048MB -c limits.cpu.allowance=20% -c boot.autostart=true
You will also want to consider setting DHCP address reservations for the eth0 and eth1 addresses for your new system as a way of statically defining the addresses on your router.
Add a desktop to your LXD Server instance:
- “lxc exec NordVPN-Desktop bash” to connect to the new container.
- Create a user account “adduser scott”
- Give the user sudo: “usermod -aG sudo scott”
- Install tasksel: “apt install tasksel”
- Install ssh server: “apt install openssh-server”
- Install Ubuntu Desktop to the server: “tasksel install ubuntu-desktop”
- Install net-tools: “apt install net-tools”
- Find the address on your main lan: “ifconfig” (address of eth0)
Add a Windows RDP Server to the LXD container:
- wget https://c-nergy.be/downloads/xRDP/xrdp-installer-1.4.8.zip
- unzip xrdp-installer-1.4.8.zip
- bash xrdp-installer-1.4.8.sh
- Reboot the LXD Instance
Use an app like Guacamole, Windows RDP, or Remmina Remote Desktop for Linux to connect to the new server via the RDP using the eth0 address.
If you followed the other two tutorials, you should notice the LXD instance thinks the WAN address is the address of the NordVPN server since all systems on VLAN 200 are forced through the VPN Gateway server we created in the earlier tutorials.
An easy way to find out your WAN address is to open a terminal in the LXD instance and issue this command:
curl config.me
This guide builds on many other of my YouTube tutorials on LXD containers especially “VPN Gateway for your LAN” and “VLAN VPN Gateway as a Service”.