Description
Currently the unsafe route/subnet configuration requires the user to manually configure NAT/masquerade for traffic sourced from the overlay towards the unsafe route subnet. I'd like to propose (optionally?) automating the process of adding the masquerade configuration (step 5 in the Nebula subnet routing guide) when unsafe routes are present on a host.
It seems the majority of use cases rely on NAT being configured for unsafe routes to work correctly; not configuring NAT would be the exception in cases where there is an upstream router/gateway directing traffic towards the overlay. If NAT is not configured, all of the other hosts on the same subnet as the overlay "router" will require static routes for the overlay subnet pointing to the Nebula host acting as the router. Both of these configurations seem like they would be the exception, not the norm.
Making NAT the default configuration also makes sense if there will be more than one subnet "router" exposing the same subnet to the overlay as there will be less chance of asymmetric routing.