I would like to set up strongSwan on my DockerHost in order to allow containers on the leftsubnet, which is a Docker network subnet, to communicate with my rightsubnet through the IPsec tunnel.
10.0.10.0/24, which is my leftsubnet on DockerHost, was created using (network name omitted in the original; <network-name> is a placeholder):

docker network create --subnet 10.0.10.0/24 <network-name>

IPsec IKE configuration on DockerHost:
conn VPN-DOCKERHOST-REMOTE
    authby=secret                  # this specifies how the connection is authenticated
    auto=start                     # start the connection by default
    type=tunnel                    # the type of connection
    left=1.1.1.1                   # this is the public IP address of server MAESTRIA
    leftsubnet=10.0.10.0/24        # this is the subnet/private IP of server MAESTRIA
    right=2.2.2.2                  # this is the public IP address of server RESAMUT/remote server
    rightsubnet=10.1.1.0/24        # this is the subnet/private IP of server RESAMUT
    ike=aes128-sha256-modp3072     # Internet key exchange, type of encryption
    keyexchange=ikev2              # Internet key exchange version
    ikelifetime=28800s             # time before re-authentication of keys
    esp=aes128-sha256              # Encapsulating Security Payload suite of protocols
IPsec IKE is up between my DockerHost and the remote server, but I can't ping from my containers to the remote subnet.
I think traffic that matches the remote subnet from my container is routed outside of the tunnel because of iptables or something like that, but I can't figure out the problem.
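A way to confirm the iptables suspicion from a nat-table dump, added here as an example and not part of the question: Docker installs a MASQUERADE rule in nat/POSTROUTING for every bridge network, so a packet from 10.0.10.0/24 to 10.1.1.0/24 gets its source rewritten to the host address before the IPsec policy for leftsubnet can match it. The script below scans `iptables-save -t nat` output for that situation. The dumps, the bridge name br-abc123 and the rule order are constructed for the example; on a real host the function takes the live dump as its third argument.

```shell
#!/bin/sh
# Added example, not code from the question: decide from an `iptables-save -t nat`
# dump whether Docker's MASQUERADE rule rewrites the leftsubnet source address
# before the IPsec policy (10.0.10.0/24 -> 10.1.1.0/24) can match the packet.

# Constructed sample of what `iptables-save -t nat` prints on a Docker host with a
# user-defined 10.0.10.0/24 network (bridge name br-abc123 is made up).
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.10.0/24 ! -o br-abc123 -j MASQUERADE
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT'

# Same constructed sample after an exemption rule has been inserted at the top of
# POSTROUTING, so tunnel traffic leaves the chain before the MASQUERADE rule.
FIXED_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.10.0/24 -d 10.1.1.0/24 -j ACCEPT
-A POSTROUTING -s 10.0.10.0/24 ! -o br-abc123 -j MASQUERADE
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT'

# masq_breaks_tunnel LEFTSUBNET RIGHTSUBNET [DUMP]
# Exit 0 when LEFTSUBNET is masqueraded in nat/POSTROUTING with no earlier rule
# that exempts tunnel traffic (by destination RIGHTSUBNET, or by the
# `-m policy --pol ipsec` match), exit 1 when tunnel traffic is exempt.
# DUMP defaults to the constructed sample; on a live host pass "$(iptables-save -t nat)".
masq_breaks_tunnel() {
  left=$1; right=$2; dump=${3:-$SAMPLE_NAT}
  printf '%s\n' "$dump" | awk -v left="$left" -v right="$right" '
    !/^-A POSTROUTING/ { next }
    # an ACCEPT/RETURN covering tunnel traffic ahead of MASQUERADE exempts it
    /-j (ACCEPT|RETURN)/ && (index($0, "-d " right) || /--pol ipsec/) { exempt = 1 }
    /-j MASQUERADE/ && index($0, "-s " left) && !exempt { masq = 1 }
    END { exit masq ? 0 : 1 }'
}

# suggest_fix LEFTSUBNET RIGHTSUBNET: print the exemption rule to insert at
# position 1 of nat/POSTROUTING (ACCEPT in the nat table ends NAT rule processing
# for the packet, so the later MASQUERADE rule is never reached).
suggest_fix() {
  printf 'iptables -t nat -I POSTROUTING 1 -s %s -d %s -j ACCEPT\n' "$1" "$2"
}

if masq_breaks_tunnel 10.0.10.0/24 10.1.1.0/24; then
  echo "container traffic to 10.1.1.0/24 is SNATed before IPsec sees it; insert:"
  suggest_fix 10.0.10.0/24 10.1.1.0/24
else
  echo "tunnel traffic from 10.0.10.0/24 is exempt from MASQUERADE"
fi
```

The destination-based exemption is the narrowest fix for one tunnel; the policy-match form `iptables -t nat -I POSTROUTING 1 -m policy --dir out --pol ipsec -j ACCEPT` exempts every packet that an IPsec policy will handle and is what the strongSwan forwarding documentation recommends. Either rule must be re-applied after Docker restarts, since Docker rewrites its own nat rules when it starts.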