Docker: How to give container access to network bridge on host? VPN-over-VPN

Solution 1:

After trying a bunch of things I finally got it to (mostly) work. Turns out ipvlan is not the correct driver and this can be done with macvlan in passthru mode. Here's the relevant excerpt from my docker-compose.yml:

networks:
  main:
    driver: bridge
    ipam:
      config:
        - subnet: 172.21.8.0/24
  vlan:
    driver: macvlan
    driver_opts:
      parent: eno1.9
      macvlan_mode: passthru
    ipam:
      config:
        - subnet: 172.21.9.0/24

I found that I had to name my main network alphabetically before vlan, otherwise mapping ports to other daemons running in the containers didn't work. Also, specifically for openconnect I had to write a custom script to filter the address ranges pushed for split tunnel to exclude the 172.16.0.0/12 range, which caused connections to daemons running inside the container to be routed over the VPN inadvertently.

Another problem was that I couldn't use the USB-Ethernet dongle because the device name enxAABBCCDDEEFF was too long, preventing me from adding the vlan tag. I couldn't find a separate macvlan driver option to specify the tag. I ended up just using the main network interface eno1 and tagging the traffic that way.
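As an added illustration of the split-tunnel filtering step described above (this is not the answerer's script), the following Python carves the Docker-side 172.16.0.0/12 range out of the routes that openconnect pushes. It assumes the routes arrive in the CISCO_SPLIT_INC / CISCO_SPLIT_INC_<i>_ADDR / _MASKLEN environment variables that openconnect hands to its vpnc-script, so a wrapper passed via --script could rewrite its environment this way before exec'ing the real vpnc-script.

```python
import ipaddress

# Docker bridge/macvlan subnets from the compose file live inside 172.16.0.0/12,
# so that whole range must stay off the tunnel.
LOCAL_EXCLUDE = ipaddress.ip_network("172.16.0.0/12")


def filter_split_routes(routes, exclude=LOCAL_EXCLUDE):
    """Return pushed split-tunnel routes (CIDR strings) with `exclude` carved out.

    CIDR blocks are either nested or disjoint, so a pushed route is dropped
    when it lies inside `exclude`, split into the surrounding pieces when it
    contains `exclude`, and kept unchanged when the two do not overlap.
    """
    kept = []
    for cidr in routes:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version != exclude.version or not net.overlaps(exclude):
            kept.append(str(net))
        elif net.subnet_of(exclude):
            continue  # fully covered by the excluded range: drop it
        else:
            # exclude is a strict subnet of net: keep everything around it
            kept.extend(str(n) for n in net.address_exclude(exclude))
    return kept


def rewrite_split_env(env, exclude=LOCAL_EXCLUDE):
    """Rewrite the CISCO_SPLIT_INC_* variables (assumed vpnc-script layout).

    CISCO_SPLIT_INC holds the route count; CISCO_SPLIT_INC_<i>_ADDR and
    _MASKLEN describe route i.  Surviving routes are renumbered from 0 and
    any per-route variables (PROTOCOL, SPORT, DPORT) are discarded.
    """
    count = int(env.get("CISCO_SPLIT_INC", 0))
    routes = [f"{env[f'CISCO_SPLIT_INC_{i}_ADDR']}/{env[f'CISCO_SPLIT_INC_{i}_MASKLEN']}"
              for i in range(count)]
    new_env = {k: v for k, v in env.items() if not k.startswith("CISCO_SPLIT_INC")}
    kept = filter_split_routes(routes, exclude)
    new_env["CISCO_SPLIT_INC"] = str(len(kept))
    for i, cidr in enumerate(kept):
        net = ipaddress.ip_network(cidr)
        new_env[f"CISCO_SPLIT_INC_{i}_ADDR"] = str(net.network_address)
        new_env[f"CISCO_SPLIT_INC_{i}_MASKLEN"] = str(net.prefixlen)
        new_env[f"CISCO_SPLIT_INC_{i}_MASK"] = str(net.netmask)
    return new_env


if __name__ == "__main__":
    # Constructed sample: a corporate /8 plus a route that collides with Docker.
    sample = {"CISCO_SPLIT_INC": "2",
              "CISCO_SPLIT_INC_0_ADDR": "10.0.0.0", "CISCO_SPLIT_INC_0_MASKLEN": "8",
              "CISCO_SPLIT_INC_1_ADDR": "172.21.0.0", "CISCO_SPLIT_INC_1_MASKLEN": "16"}
    print(rewrite_split_env(sample))
```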