Cumulocity IoT Feedback Portal
For NBIoT SIM cards it is necessary to create isolated VPN networks, where die devices are available. They create a VPN which can be reached by an openvpn client, which always gets the same IP within the vpn network.
Currently we run a docker container within a POC, which uses openvpn and a microservice, which is talking to c8y services.
To run open vpn within a container, it is necessary to have networking privileges (as the container needs a tun device)
The required feature would be the possibility of creating containers with network access (outwards) to create the vpn.
Security concerns should be reviewed to avoid complications in isolation to other tenants services.
Target is to create tenant based microservices with vpn termination,
Thanks a lot for the feedback. We have been discussing this internally, while generally outbound connectivity from a microservice is possible already today, it is not possible to do a VPN termination within a microservice inside Cumulocity IoT. Unfortunately, as Cumulocity IoT is a multi-tenant platform, we cannot change this behaviour for security reasons. Our recommendation is to host any application which does a VPN termination outside of Cumulocity IoT. Note, that it is possible to integrate external applications with Cumulocity IoT.
