Wow, thanks for the quick response. I managed to get it to work by simply using the bypass-lan plugin:
https://wiki.strongswan.org/projects/strongswan/wiki/Bypass-lan

Chris

On Wed, Oct 11, 2017 at 5:44 PM, Noel Kuntze <[email protected]> wrote:
> Use `ip link` instead. It shows you every possible detail about your network
> interfaces. `brctl` is deprecated.
> (e.g. `ip -d link show`)
>
> IPsec policies and routing are different things. You need to configure a
> passthrough policy for the traffic to/from the docker subnet.
>
> Kind regards
>
> Noel
>
> On 11.10.2017 16:38, Christoph Gysin wrote:
>> Docker creates a bridge docker0 and routes traffic through it:
>>
>> $ brctl show
>> bridge name     bridge id               STP enabled     interfaces
>> docker0         8000.0242e39e4cfd       no              vethc5308b1
>>
>> $ ip route
>> [...]
>> 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
>>
>> After starting an ipsec connection, this stops working.
>>
>> I'm trying to understand how traffic is routed, and read:
>> https://wiki.strongswan.org/projects/strongswan/wiki/IntroductionTostrongSwan#Routing
>>
>> I can see it created the routing table 220:
>>
>> $ ip route show table 220
>> default via 10.181.24.1 dev wlp2s0 proto static src 10.191.2.52
>>
>> I also found some pointers in https://wiki.strongswan.org/issues/1247,
>> but I'm still not sure what is the right way to fix this.
>>
>> How can I configure my system to allow traffic to 172.17.0.0/16 be
>> routed to docker0 even when the ipsec connection is up?
>>
>> Thanks,
>> Chris
>

--
echo mailto: NOSPAM !#$.'<*>'|sed 's. ..'|tr "<*> !#:2" org@fr33z3
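
The passthrough policy suggested in the reply above, written out as an
ipsec.conf fragment. This is an added example, not configuration posted by
anyone in the thread; it assumes the legacy ipsec.conf (stroke) configuration
style, and the connection name is hypothetical.

```conf
# /etc/ipsec.conf (fragment)
# Constructed example: exempt the Docker bridge subnet from IPsec processing.
# The subnet is the one shown in the `ip route` output quoted above.
conn docker-passthrough          # hypothetical connection name
    leftsubnet=172.17.0.0/16     # local side: the docker0 subnet
    rightsubnet=172.17.0.0/16    # remote side: the same subnet, so only
                                 # traffic inside it matches this policy
    type=passthrough             # matching packets bypass IPsec entirely
    auto=route                   # install the policy when the daemon starts
```

Once the daemon has loaded the fragment, `ip xfrm policy` should list
policies for 172.17.0.0/16 that carry no `tmpl` line, which is how a
passthrough policy appears in the kernel.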
