[strongSwan] Docker on road warrior laptop
Harald Dunkel
harald.dunkel at aixigo.com
Thu Jan 30 13:37:59 CET 2020
Hi folks,
are there any recommendations on how to give a Docker container running on
a road warrior laptop access to the host's IPsec connection?
Easy testcase (using Docker's default bridge network):
% docker run -it --rm debian
# ping some.internal.ip.address
From 10.100.0.2 icmp_seq=1 Destination Port Unreachable
From 10.100.0.2 icmp_seq=2 Destination Port Unreachable
From 10.100.0.2 icmp_seq=3 Destination Port Unreachable
From 10.100.0.2 icmp_seq=4 Destination Port Unreachable
^C
--- some.internal.ip.address ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 6ms
As you might have guessed, 10.100.0.2 is the local gateway.
Problem is, the Docker container seems to ignore the IPsec connection and
the subnets accessible via the peer. It tries to use the default gateway.
That's unfortunate, because Docker copied /etc/resolv.conf from the host.
I checked the Wiki, of course, but maybe I was too blind to see.
Running Docker *inside* a container is not the use case here; not to
mention that I found https://wiki.strongswan.org/projects/strongswan/wiki/Cloudplatforms
Every helpful hint is highly appreciated.
Harri