chrisbouchard / namespaced-wireguard-vpn

Systemd configuration for a network namespace containing a WireGuard VPN connection
MIT License

Document #7 and add preshared key functionality #10

Open JeWe37 opened 2 years ago

JeWe37 commented 2 years ago

Preshared keys are used by default by some VPN providers, so this may be useful.

So far I only added a documentation note about #7, but potentially that functionality could be removed entirely as suggested there.

I also added a note about the possibility of routing things into the VPN namespace from the rest of the local network using iptables.

chrisbouchard commented 2 years ago

I don't think I understand the following:

Beware that if used in conjunction with the nsswitch.conf and resolv.conf tweaks above, this will not work correctly, as systemd does not mount them into the right locations. There, using ip netns exec may be more appropriate.

Is this saying that the systemd config given for Transmission Daemon doesn't use the nsswitch.conf or resolv.conf from /etc/netns/$NETNS_NAME? If so, I don't think that's something to be documented. I think that's a bug to be fixed. I thought they were working together correctly on the server where I'm using this, but it's possible I missed something.

JeWe37 commented 2 years ago

Correct. I tried it by simply making a unit that cats those two files while joining the netns, and indeed they aren't used. The reason I don't think that's a bug is because if it were, it'd be one on systemd's end, which I don't think really applies here. The reason is that PrivateNetwork= network namespaces don't even have a name that could be looked up in /etc/netns. The only reason that there is a name is that you're explicitly remounting the systemd network namespace to be your own. So really there's nothing to respect here.

Now it does all still work if you just... don't use DNS. Or just globally don't use systemd-resolved and the like. Hence my suggesting just to document it.
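The following drop-in illustrates the caveat discussed in this thread and the workaround a unit can apply itself. It is an added example, not code from the namespaced-wireguard-vpn repository or from either commenter, and it assumes a namespace named `vpn` exposed at `/run/netns/vpn`, per-namespace files under `/etc/netns/vpn/` laid out the way `ip netns exec` expects, and a service joined via `NetworkNamespacePath=` (the repository's own join mechanism may differ):

```ini
# Added example, not part of the namespaced-wireguard-vpn repository.
# Assumptions: the namespace is named "vpn" and is reachable at
# /run/netns/vpn, and /etc/netns/vpn/{resolv.conf,nsswitch.conf} exist,
# as `ip netns exec vpn ...` would expect.
# Drop-in location, e.g.:
#   /etc/systemd/system/transmission-daemon.service.d/netns.conf
[Service]
# Joining the namespace by path puts the process in the VPN network stack,
# but systemd never consults /etc/netns/<name>/, so with only this line the
# service still resolves names with the host's /etc/resolv.conf and
# /etc/nsswitch.conf (the behaviour described in the thread above).
NetworkNamespacePath=/run/netns/vpn

# Replicate what `ip netns exec vpn` does: bind-mount the namespace-specific
# files over the host paths, visible only to this service's mount namespace.
# Comment these two lines out to reproduce the problem.
BindReadOnlyPaths=/etc/netns/vpn/resolv.conf:/etc/resolv.conf
BindReadOnlyPaths=/etc/netns/vpn/nsswitch.conf:/etc/nsswitch.conf
```

To confirm which files a joined service actually sees without editing a real unit, compare the output of `systemd-run --wait --pipe -p NetworkNamespacePath=/run/netns/vpn cat /etc/resolv.conf` (with and without the two `BindReadOnlyPaths=` properties passed as additional `-p` arguments) against `ip netns exec vpn cat /etc/resolv.conf`. Two caveats: `BindReadOnlyPaths=` fails unit start if the source file is missing, so create both files before enabling the drop-in; and if the host's nsswitch.conf routes `hosts:` through the `resolve` module, lookups go to systemd-resolved over D-Bus in the host's namespace regardless of resolv.conf, which is why the nsswitch.conf override matters as much as the resolv.conf one.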