Hi docker community,
this may not be the right place to ask, but I found no better community/forum so far - please excuse me.
I'm some kind of a network engineer but new to Docker networking, and I need a little hint or to be pushed in the right direction.
I set up an (Open)VPN server in a Docker container which creates a virtual network behind a TUN device, let's say 10.10.10.0/26 behind the container's network interface.
If I bridge the docker container to the host network via a macvlan-bridge I can set up a static route from my internal office lan to 10.10.10.0/26 with the docker container as the gateway - so far so good.
But I'd like to use Docker for scaling, e.g. if more VPN clients are needed in a hurry, I'd like to (automatically) deploy a second container with the next network, 10.10.10.64/26, maybe even on a different Docker host.
How do I manage this by network design?
How do I dynamically know from my office backend router on which host, and in which container, I find client IP 10.10.10.23 or 10.10.0.75 in the above example? There should be no NAT involved; I would like to reach all VPN clients directly from my internal networks. Also for any kind of traffic, so a reverse HTTPS proxy is not the solution :-).
I'm thinking about Kubernetes as a solution. I could route everything to "Kubernetes", but how does Kubernetes know to which pod to route the traffic (back)?
I hope you understand my question and why I call it a “network design question”.
I'd be very happy about any ideas.
Best regards from Hamburg, Germany,
Christian
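As an added example (not part of Christian's post, and not an answer from the forum), here is a small Python model of the routing state the office router needs in the design described above: one static route per /26 client block pointing at the container that terminates it, a longest-prefix lookup that tells you which container reaches a given client IP, and allocation of the next free /26 when a further container is deployed. The /24 pool boundary and the container LAN addresses (192.168.1.101, 192.168.1.102) are assumptions; only the 10.10.10.0/26 and 10.10.10.64/26 blocks come from the post.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Assumption for illustration: the VPN client pool is carved out of this /24,
# and every OpenVPN container receives one /26 block from it.
VPN_POOL = ipaddress.ip_network("10.10.10.0/24")
CLIENT_BLOCK_PREFIX = 26

# A route entry as the office router would hold it:
# (client subnet, next hop = the container's macvlan address on the LAN, container name)
Route = Tuple[ipaddress.IPv4Network, ipaddress.IPv4Address, str]


def allocate_next_block(assigned: Dict[str, str],
                        pool: ipaddress.IPv4Network = VPN_POOL,
                        prefixlen: int = CLIENT_BLOCK_PREFIX) -> Optional[ipaddress.IPv4Network]:
    """Return the lowest free /26 in the pool for a new container, or None if exhausted.

    assigned maps container name -> client subnet string already in use.
    """
    in_use = {ipaddress.ip_network(s) for s in assigned.values()}
    for candidate in pool.subnets(new_prefix=prefixlen):
        if candidate not in in_use:
            return candidate
    return None


def build_route_table(containers: Dict[str, Tuple[str, str]]) -> List[Route]:
    """containers maps name -> (client subnet, container LAN address).

    Rejects overlapping client blocks (two containers claiming the same clients
    would make the return path ambiguous) and orders routes most-specific first.
    """
    routes: List[Route] = []
    for name, (subnet, gateway) in containers.items():
        net = ipaddress.ip_network(subnet, strict=True)
        gw = ipaddress.ip_address(gateway)
        for existing_net, _, existing_name in routes:
            if net.overlaps(existing_net):
                raise ValueError(f"{name} ({net}) overlaps {existing_name} ({existing_net})")
        routes.append((net, gw, name))
    routes.sort(key=lambda r: r[0].prefixlen, reverse=True)
    return routes


def lookup_gateway(routes: List[Route], client_ip: str) -> Optional[Route]:
    """Longest-prefix match: which container (and next hop) reaches client_ip."""
    ip = ipaddress.ip_address(client_ip)
    for net, gw, name in routes:  # already sorted most-specific first
        if ip in net:
            return (net, gw, name)
    return None


def render_static_routes(routes: List[Route]) -> List[str]:
    """Render the routes as iproute2-style static route commands for the office router."""
    return [f"ip route add {net} via {gw}  # {name}" for net, gw, name in routes]


if __name__ == "__main__":
    # Constructed sample: the first container is live, a second one is being deployed.
    live = {"vpn-1": ("10.10.10.0/26", "192.168.1.101")}
    next_block = allocate_next_block({k: v[0] for k, v in live.items()})
    live["vpn-2"] = (str(next_block), "192.168.1.102")  # assumed LAN address
    table = build_route_table(live)
    for line in render_static_routes(table):
        print(line)
    for client in ("10.10.10.23", "10.10.10.75"):
        hit = lookup_gateway(table, client)
        print(client, "->", hit[2] if hit else "no route")
```

The point the model makes explicit: with a plain static-route design, the office router needs an entry per /26 and the orchestrator has to update that table (or advertise the prefix with a routing protocol) whenever a container is added or moved, which is exactly the piece Kubernetes does not provide for free.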