
I have a VPN gateway which allows remote access to a network with subnet 171.30.0.0/16.

I have a local machine set up with Ubuntu 14.04 and strongSwan, which connects to that VPN server using IKEv2 RSA, and while connected I'm successfully able to ping all the hosts behind my VPN (say, for example, 171.30.0.200) from my Ubuntu machine. The VPN server assigns IPs out of the virtual IP range 192.168.40.0/24 to clients. Let's say my Ubuntu machine receives IP 192.168.41.1 when connected.

http://postimg.org/image/gad07tmez/

On this Ubuntu machine I have Docker installed, and from inside one of the Docker containers I have to access one of the machines behind the VPN (171.30.0.200). I cannot ping that server from inside the Docker container, even though pinging is successful from the Docker host (which is the Ubuntu machine). It is also interesting to know that pinging 192.168.41.1 is successful from inside the Docker container.

Any idea what the problem could be?

mohamnag
  • What is the routing table inside your Docker container? – John Jun 22 '15 at 13:50
  • Inside the container: $ ip route list default via 172.17.42.1 dev eth0 172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2 – mohamnag Jun 22 '15 at 15:30
  • Also, tcpdump on the host shows that packets are being forwarded: $ tcpdump -v -n dst net 171.30.0.0/16 which outputs: 17:23:34.168438 IP (tos 0x0, ttl 64, id 1786, offset 0, flags [DF], proto ICMP (1), length 84) 172.17.0.2 > 171.30.0.200: ICMP echo request, id 69, seq 101, length 64 – mohamnag Jun 22 '15 at 15:36

1 Answer


So it seemed that the problem was not the route tables or so on, but the strongSwan configuration on both client and server. I set all the left and right subnets in both the client and server config to the right values, and also set the left and right firewalls to true, and restarted both sides; since then it is working. I can ping the other side of the network from anywhere.

mohamnag
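A way to check which source addresses a tunnel's policy selectors actually cover, as an added example that is not part of the original question or answer. It parses `ip xfrm policy` output and tests the host's virtual IP and the container IP from the thread; the sample output is constructed, assumes the negotiated local selector is only the virtual IP, and uses placeholder tunnel endpoints.

```python
import ipaddress
import re

# Constructed sample of `ip xfrm policy` output on the Docker host. Selectors
# reuse the thread's addresses; tunnel endpoints are documentation placeholders.
SAMPLE_XFRM = """\
src 192.168.41.1/32 dst 171.30.0.0/16
\tdir out priority 2851 ptype main
\ttmpl src 198.51.100.7 dst 203.0.113.10
\t\tproto esp reqid 1 mode tunnel
src 171.30.0.0/16 dst 192.168.41.1/32
\tdir fwd priority 2851 ptype main
\ttmpl src 203.0.113.10 dst 198.51.100.7
\t\tproto esp reqid 1 mode tunnel
"""

SELECTOR = re.compile(r"^src (\S+) dst (\S+)")
DIRECTION = re.compile(r"^\s+dir (\w+)")


def parse_policies(text):
    """Return a list of (direction, src_net, dst_net) from `ip xfrm policy` text."""
    policies, pending = [], None
    for line in text.splitlines():
        sel = SELECTOR.match(line)
        if sel:
            pending = tuple(ipaddress.ip_network(n, strict=False) for n in sel.groups())
            continue
        dirn = DIRECTION.match(line)
        if dirn and pending:
            policies.append((dirn.group(1), *pending))
            pending = None
    return policies


def covered(policies, src, dst, direction="out"):
    """True if a packet src -> dst matches a policy selector for `direction`."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(dr == direction and s in sn and d in dn for dr, sn, dn in policies)


if __name__ == "__main__":
    pols = parse_policies(SAMPLE_XFRM)
    for src in ("192.168.41.1", "172.17.0.2"):  # host virtual IP, container IP
        print(src, "-> 171.30.0.200 covered:", covered(pols, src, "171.30.0.200"))
```

On a live host, the text passed to `parse_policies` would be the output of `ip xfrm policy`; a source that is not covered is not matched by any tunnel policy with these selectors.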