Use `ip link` instead. It shows you every possible detail about your network interfaces. `brctl` is deprecated. (e.g. `ip -d link show`)
IPsec policies and routing are different things. You need to configure a passthrough policy for the traffic to/from the docker subnet.

Kind regards

Noel

On 11.10.2017 16:38, Christoph Gysin wrote:
> Docker creates a bridge docker0 and routes traffic through it:
>
> $ brctl show
> bridge name     bridge id               STP enabled     interfaces
> docker0         8000.0242e39e4cfd       no              vethc5308b1
>
> $ ip route
> [...]
> 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
>
> After starting an ipsec connection, this stops working.
>
> I'm trying to understand how traffic is routed, and read:
> https://wiki.strongswan.org/projects/strongswan/wiki/IntroductionTostrongSwan#Routing
>
> I can see it created the routing table 220:
>
> $ ip route show table 220
> default via 10.181.24.1 dev wlp2s0 proto static src 10.191.2.52
>
> I also found some pointers in https://wiki.strongswan.org/issues/1247,
> but I'm still not sure what is the right way to fix this.
>
> How can I configure my system to allow traffic to 172.17.0.0/16 be
> routed to docker0 even when the ipsec connection is up?
>
> Thanks,
> Chris
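A passthrough policy of the kind the reply describes, as an added example that is not part of the original thread: an `ipsec.conf` shunt connection that exempts the Docker bridge subnet 172.17.0.0/16 from the question from IPsec processing. The connection name is hypothetical, and the example assumes the `ipsec.conf` (stroke) configuration format is in use.

```conf
# /etc/ipsec.conf (added example; connection name is hypothetical)
#
# The tunnel's IPsec policies match traffic before the main routing table
# is consulted for the docker0 route, so packets for 172.17.0.0/16 can be
# caught by the tunnel policy. A passthrough (bypass) policy for the more
# specific subnet takes precedence and leaves that traffic unprotected,
# so the kernel route via docker0 applies again.

conn docker-passthrough
    # Both selectors are the Docker bridge subnet from `ip route`:
    # traffic from the host/containers to the subnet and back.
    leftsubnet=172.17.0.0/16
    rightsubnet=172.17.0.0/16
    # No peer is involved, so no authentication or IKE exchange happens.
    authby=never
    # Install a bypass policy instead of negotiating an SA.
    type=passthrough
    # Install the policy as soon as the daemon loads the configuration.
    auto=route
```

Once strongSwan has loaded the connection, `ip xfrm policy` should list policies with 172.17.0.0/16 as both source and destination selector alongside the tunnel's own policies.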
