Hans makes it possible to tunnel IPv4 through ICMP echo packets, so you could call it a ping tunnel.
Client ---> G.F.W ---> Server ---> Internet
tun0 ping tun0
server:
image: vimagick/hans
environment:
- NETWORK=10.1.2.0
- PASSWORD=password
net: host
privileged: yes
restart: always
client:
image: easypi/hans-arm
environment:
- SERVER=1.2.3.4
- PASSWORD=password
net: host
privileged: yes
restart: always# Start Server Container
$ docker-compose up -d server
# Enable Masquerade (Method A)
$ iptables -t nat -A POSTROUTING -s 10.1.2.0/24 -o eth0 -j MASQUERADE
# Enable Masquerade (Method B)
$ firewall-cmd --add-masquerade# Start Client Container
$ docker-compose up -d client
# Access Server Directly
$ ip route add 1.2.3.4 via 192.168.1.1
# Change Default Route (Method A)
$ ip route change default via 10.1.2.1
# Change Default Route (Method B)
$ ip route add 0.0.0.0/1 dev tun0
$ ip route add 128.0.0.0/1 dev tun0
# Enable IP Forwarding
$ sysctl -w net.ipv4.ip_forward=1
$ iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o tun0 -j MASQUERADE