[strongSwan] Docker on road warrior laptop

Harald Dunkel harald.dunkel at aixigo.com
Thu Jan 30 13:37:59 CET 2020

Hi folks,

are there any recommendations how to give a Docker container running on
a road warrior laptop access to the host's IPsec connection?

Easy testcase (using Docker's default bridge network):

	% docker run -it --rm debian
	# ping some.internal.ip.address
	From icmp_seq=1 Destination Port Unreachable
	From icmp_seq=2 Destination Port Unreachable
	From icmp_seq=3 Destination Port Unreachable
	From icmp_seq=4 Destination Port Unreachable
	--- some.internal.ip.address ping statistics ---
	4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 6ms

As you might have guessed, is the local gateway,

Problem is, the Docker container seems to ignore the IPsec connection and
the subnets accessible via the peer. It tries to use the default gateway.
Thats unfortunate, cause Docker copied /etc/resolv.conf from the host.

I checked the Wiki, of course, but maybe I was too blind to see.
Running Docker *inside* a container is not the use case here; not to
mention that I found https://wiki.strongswan.org/projects/strongswan/wiki/Cloudplatforms

Every helpful hint is highly appreciated


More information about the Users mailing list