[strongSwan] rightsubnet=0.0.0.0/0 cause interface listening TCP port fail to work
peyoot at hotmail.com
Mon Dec 28 07:56:57 CET 2020
I use a VPN server with a public IP as a gateway to bridge client communication. I recently found that if I use rightsubnet=0.0.0.0/0 on the Linux client, it also makes the Docker listening TCP port fail to work on the interface.
For example, my client's IP is 10.10.8.229. I have a Docker nginx mapping 0.0.0.0:1080->80/tcp, and this works fine when the VPN tunnel isn't up, and I can telnet to 10.10.8.229 port 1080. But when the VPN tunnel is set up, I can't access this nginx service anymore; I can't telnet to port 1080 anymore. I can only telnet to 127.0.0.1 1080 to reach this service. Only if I change rightsubnet=0.0.0.0/0 to a narrower one like 192.168.1.0/24 does the TCP listener work again.
But I need to set rightsubnet=0.0.0.0/0 to make all clients forward traffic to the VPN server so that client can talk to client. I just wonder how to make such a service keep working.
VPN server (22.214.171.124):
VPN client: ipsec.conf