These machines are Docker containers with strongswan installed running IPsec tunnels.

routeur1 and routeur2 have a site-to-site IPsec tunnel, while pc-nomad has an IPsec tunnel with routeur1. routeur1 has pc1 as a client in its subnet.

pc-nomad reaches pc1, but apparently the host grabs the ICMP packet and it doesn't return the reply.

1 Answer

One solution I found was to add a NAT rule in the routers for the packets coming from the 192.16.1.0/24 subnet:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE

But still, it seems weird that the host takes the packet from the other subnet.
