Docker: host grabs ICMP packets (Strongswan IPsec)

0

These machines are Docker containers with strongswan installed running IPsec tunnels.

routeur1 and routeur2 have a site-to-site IPsec tunnel, while pc-nomad has an IPsec tunnel with routeur1. routeur1 has pc1 as a client in its subnet.

pc-nomad reaches pc1, but apparently the host grabs the ICMP packet and it doesn't return the reply.

Tomás Concepción Miranda

Posted 2018-12-08T09:57:16.497

Reputation: 3

Answers

0

One solution I found was to add a NAT rule in the routers for the packets coming from the 192.16.1.0/24 subnet:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE

But still, it seems weird that the host takes the packet from the other subnet.

Tomás Concepción Miranda

Posted 2018-12-08T09:57:16.497

Reputation: 3
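
Added example, not part of the original post: on an IPsec gateway, source NAT in POSTROUTING is applied before the IPsec policy lookup, so a broad MASQUERADE rule like the one in the answer can rewrite packets that should have matched a tunnel's traffic selectors. The check below reads `iptables -S -t nat` output and flags MASQUERADE/SNAT rules that are not preceded by an IPsec policy exemption; the function name and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit nat-table rules on a strongSwan gateway.
# Input format: output of `iptables -S -t nat` (one rule per line).
# Live usage (needs root): iptables -S -t nat | audit_nat

# audit_nat (hypothetical helper): prints one line per finding.
# Returns 0 if every POSTROUTING source-NAT rule comes after an
# IPsec exemption, 1 if any rule can rewrite tunnel-bound traffic.
audit_nat() {
    awk '
        # Only appended POSTROUTING rules matter here.
        $1 != "-A" || $2 != "POSTROUTING" { next }

        # Exemption rule: packets that will be IPsec-protected on the
        # way out are accepted before any NAT rule can touch them.
        /-m policy/ && /--dir out/ && /--pol ipsec/ && /-j ACCEPT/ {
            exempt = 1
            next
        }

        # Rules are evaluated in order, so a NAT rule seen before the
        # exemption still applies to tunnel-bound packets.
        /-j (MASQUERADE|SNAT)/ {
            if (!exempt) {
                print "UNEXEMPTED: " $0
                bad = 1
            }
        }

        END { exit bad + 0 }
    '
}

# Constructed sample: only the rule given in the answer above.
SAMPLE_PAGE_RULE='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE'

# Constructed sample: same rule, with the exemption inserted first, e.g. via
#   iptables -t nat -I POSTROUTING -m policy --dir out --pol ipsec -j ACCEPT
SAMPLE_WITH_EXEMPTION='-P POSTROUTING ACCEPT
-A POSTROUTING -m policy --dir out --pol ipsec -j ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE'
```
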