[strongSwan] route traffic to docker0 bridge
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Wed Oct 11 16:44:14 CEST 2017
Use `ip link` instead. It shows you every possible detail about your network interfaces. `brctl` is deprecated.
(e.g. `ip -d link show`)
IPsec policies and routing are different things. You need to configure a passthrough policy for the traffic to/from the docker subnet.
Kind regards
Noel
On 11.10.2017 16:38, Christoph Gysin wrote:
> Docker creates a bridge docker0 and routes traffic through it:
>
> $ brctl show
> bridge name bridge id STP enabled interfaces
> docker0 8000.0242e39e4cfd no vethc5308b1
>
> $ ip route
> [...]
> 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
>
> After starting an ipsec connection, this stops working.
>
> I'm trying to understand how traffic is routed, and read:
> https://wiki.strongswan.org/projects/strongswan/wiki/IntroductionTostrongSwan#Routing
>
> I can see it created the routing table 220:
>
> $ ip route show table 220
> default via 10.181.24.1 dev wlp2s0 proto static src 10.191.2.52
>
> I also found some pointers in https://wiki.strongswan.org/issues/1247,
> but I'm still not sure what is the right way to fix this.
>
> How can I configure my system to allow traffic to 172.17.0.0/16 be
> routed to docker0 even when the ipsec connection is up?
>
> Thanks,
> Chris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171011/875fe751/attachment.sig>
More information about the Users
mailing list