From 1a63139ed9adfa0f96d28af45dcf3e6f84a42bef Mon Sep 17 00:00:00 2001 From: Jason Parks Date: Wed, 17 May 2023 10:55:11 -0600 Subject: [PATCH 1/6] This patch is to add in support for IP NAT Masquerade functionality. --- Dockerfile | 1 + README.md | 1 + docker-compose.yml | 1 + startup.sh | 6 ++++++ 4 files changed, 9 insertions(+) diff --git a/Dockerfile b/Dockerfile index 07e3095..c07a7db 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,6 +12,7 @@ ENV OPENVPN_OPTS= ENV CONNECTION_TYPE=tcp ENV LAN_NETWORK= ENV CREATE_TUN_DEVICE= +ENV ENABLE_MASQUERADE=true ENV OVPN_CONFIGS= ENV ENABLE_KILL_SWITCH=true HEALTHCHECK --interval=60s --timeout=10s --start-period=30s CMD curl -s https://api.surfshark.com/v1/server/user | grep '"secured":true' diff --git a/README.md b/README.md index c09a85b..b4b6f1b 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,7 @@ The container is configurable using 5 environment variables: |CONNECTION_TYPE|No|The connection type that you want to use: tcp, udp| |LAN_NETWORK|No|Lan network used to access the web ui of attached containers. Can be comma seperated for multiple subnets Comment out or leave blank: example 192.168.0.0/24| |CREATE_TUN_DEVICE|No|Creates the TUN device, useful for NAS users| +|ENABLE_MASQUERADE|No|Masquerade NAT allows you to translate multiple IP addresses to another single IP address. Usefull when using KASM Workspaces VPN Sidecar.| |OVPN_CONFIGS|No|Manually provide the path used to read the "Surfshark_Config.zip" file (contains Surshark's OpenVPN configuration files) |ENABLE_KILL_SWITCH|No|Enable the kill-switch functionality diff --git a/docker-compose.yml b/docker-compose.yml index c58e9eb..5e2490f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -11,6 +11,7 @@ services: - SURFSHARK_CITY=mil - CONNECTION_TYPE=udp - LAN_NETWORK=192.168.0.0/24 #Optional - Used to access attached containers web ui + - ENABLE_MASQUERADE=true #Optional - Masquerade NAT allows you to translate multiple IP addresses to another single IP address. Usefull when using KASM Workspaces VPN Sidecar. cap_add: - NET_ADMIN devices: diff --git a/startup.sh b/startup.sh index da6eac6..0642257 100644 --- a/startup.sh +++ b/startup.sh @@ -32,6 +32,12 @@ if [ "${CREATE_TUN_DEVICE}" = "true" ]; then chmod 0666 /dev/net/tun fi +# Enable NAT w MASQUERADE mode +if [ "${ENABLE_MASQUERADE}" = "true" ]; then + echo "Enabling IP MASQUERADE using IP Tables" + iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE +fi + openvpn --config $VPN_FILE --auth-user-pass vpn-auth.txt --mute-replay-warnings $OPENVPN_OPTS --script-security 2 --up /vpn/sockd.sh if [ "${ENABLE_KILL_SWITCH}" = "true" ]; then From 9b2085e50812debd6a6836229ffdb8b3ae290b39 Mon Sep 17 00:00:00 2001 From: jrparks Date: Mon, 22 May 2023 21:58:42 -0600 Subject: [PATCH 2/6] Update docker-compose.yml Co-authored-by: Matteo Pietro Dazzi --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 5e2490f..63c7e8e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,7 +11,7 @@ services: - SURFSHARK_CITY=mil - CONNECTION_TYPE=udp - LAN_NETWORK=192.168.0.0/24 #Optional - Used to access attached containers web ui - - ENABLE_MASQUERADE=true #Optional - Masquerade NAT allows you to translate multiple IP addresses to another single IP address. Usefull when using KASM Workspaces VPN Sidecar. + - ENABLE_MASQUERADE=true #Optional - Masquerade NAT allows you to translate multiple IP addresses to another single IP address. Usefull when using KASM Workspaces VPN Sidecar. cap_add: - NET_ADMIN devices: From 56c5678c6d5553c91c4aac15d6602e551cef2666 Mon Sep 17 00:00:00 2001 
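Review bot: The added `iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE` line in the startup.sh hunk never has its exit status checked, so if the rule cannot be installed (for instance when the container lacks NET_ADMIN) the script still goes on to start openvpn with ENABLE_MASQUERADE silently ineffective. Because it uses `-A` unconditionally, a second run of the script in the same network namespace would also append a duplicate rule. I would make it idempotent and fail closed, e.g. `iptables -t nat -C POSTROUTING -o tun+ -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE || exit 1`. The rule also has no `-s` match, so any source that can forward through this container is NATed into the tunnel; restricting it to the intended sidecar subnet would narrow that. The rest of startup.sh lies outside the hunk, so whether forwarding is limited elsewhere cannot be seen here.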
From: jrparks
Date: Mon, 22 May 2023 22:08:33 -0600
Subject: [PATCH 3/6] Update docker-compose.yml Updated the spacing
---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 63c7e8e..d02296e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,7 +11,7 @@ services:
 - SURFSHARK_CITY=mil
 - CONNECTION_TYPE=udp
 - LAN_NETWORK=192.168.0.0/24 #Optional - Used to access attached containers web ui
- - ENABLE_MASQUERADE=true #Optional - Masquerade NAT allows you to translate multiple IP addresses to another single IP address. Usefull when using KASM Workspaces VPN Sidecar.
+ - ENABLE_MASQUERADE=true #Optional - Masquerade NAT allows you to translate multiple IP addresses to another single IP address. Usefull when using KASM Workspaces VPN Sidecar.
 cap_add:
 - NET_ADMIN
 devices:
From 00002e9ef8db30dba2908014a322657a9915f953 Mon Sep 17 00:00:00 2001
From: Matteo Pietro Dazzi
Date: Tue, 30 May 2023 21:38:10 +0200
Subject: [PATCH 4/6] Update Dockerfile
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index c07a7db..103f0cf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ ENV OPENVPN_OPTS=
 ENV CONNECTION_TYPE=tcp
 ENV LAN_NETWORK=
 ENV CREATE_TUN_DEVICE=
-ENV ENABLE_MASQUERADE=true
+ENV ENABLE_MASQUERADE=
 ENV OVPN_CONFIGS=
 ENV ENABLE_KILL_SWITCH=true
 HEALTHCHECK --interval=60s --timeout=10s --start-period=30s CMD curl -s https://api.surfshark.com/v1/server/user | grep '"secured":true'
From 56d4730121b04a292a34459d939c7a7f47445599 Mon Sep 17 00:00:00 2001
From: Matteo Pietro Dazzi
Date: Tue, 30 May 2023 21:38:15 +0200
Subject: [PATCH 5/6] Update README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index b4b6f1b..f3f041b 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ The container is configurable using 5 environment variables: |CONNECTION_TYPE|No|The connection type that you want to use: tcp, udp| |LAN_NETWORK|No|Lan network used to access the web ui of attached containers. Can be comma seperated for multiple subnets Comment out or leave blank: example 192.168.0.0/24| |CREATE_TUN_DEVICE|No|Creates the TUN device, useful for NAS users| -|ENABLE_MASQUERADE|No|Masquerade NAT allows you to translate multiple IP addresses to another single IP address. Usefull when using KASM Workspaces VPN Sidecar.| +|ENABLE_MASQUERADE|No|Masquerade NAT allows you to translate multiple IP addresses to another single IP address.| |OVPN_CONFIGS|No|Manually provide the path used to read the "Surfshark_Config.zip" file (contains Surshark's OpenVPN configuration files) |ENABLE_KILL_SWITCH|No|Enable the kill-switch functionality From c7e0a8f5b3afe4342055040795a61836b34e3d63 Mon Sep 17 00:00:00 2001 From: Matteo Pietro Dazzi Date: Tue, 30 May 2023 21:38:21 +0200 Subject: [PATCH 6/6] Update docker-compose.yml --- docker-compose.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index d02296e..c58e9eb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,7 +11,6 @@ services: - SURFSHARK_CITY=mil - CONNECTION_TYPE=udp - LAN_NETWORK=192.168.0.0/24 #Optional - Used to access attached containers web ui - - ENABLE_MASQUERADE=true #Optional - Masquerade NAT allows you to translate multiple IP addresses to another single IP address. Usefull when using KASM Workspaces VPN Sidecar. cap_add: - NET_ADMIN devices: