[GH-ISSUE #442] client not accessing remote network #415

Closed
opened 2026-03-02 08:18:47 +03:00 by kerem · 1 comment

Originally created by @H4rDBuG on GitHub (Aug 9, 2024).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/442

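Checklist

  • [x] I read the README
  • [x] I read the Important notes
  • [x] I followed instructions to configure VPN clients
  • [x] I checked IKEv1 troubleshooting, IKEv2 troubleshooting, enabled logs and checked VPN status
  • [x] I searched existing Issues
  • [ ] This bug is about the IPsec VPN server Docker image, and not IPsec VPN itself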

Describe the issue
Client configured in IKEv2, tunnel OK but no connection. My client 192.168.43.13 can ping the container VPN IP (172.255.0.2) but cannot ping other containers in 172.255.x.x.

To Reproduce
Steps to reproduce the behavior:

  1. install and configure docker and container
  2. follow instructions to configure ikev2

Expected behavior
access resources in docker's network (172.255.x.x) and ultimately access resources in docker's host network (172.16/16)

Logs
Enable logs, check VPN status, and add error logs to help explain the problem, if applicable.

Server (please complete the following information)

  • Docker host OS: Debian 12.5

Client (please complete the following information)

  • Device: Computer
  • OS: Windows 11
  • VPN mode: IKEv2

Additional context
Probably a routing configuration is missing, but I don't know where to search and how to link 192.168.13 to my 172.16:

                Docker host network (172.16/16)
                                        |
         Docker server                   Other resources
                    |
          VPN Container (172.255.0.2)              Other containers (172.255.0.x)
                    |                                                                     |
                    |                                                                     x
                    |                                                                     |
                                            Client (192.168.43)
kerem closed this issue 2026-03-02 08:18:47 +03:00

@hwdsl2 commented on GitHub (Aug 10, 2024):

@H4rDBuG Hello! Please see Access other containers on the Docker host (https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage.md#access-other-containers-on-the-docker-host). By default, this Docker image does not block outgoing traffic to other containers. I've tested a similar use case before (as described in the link), where VPN clients connected to the Docker container at 172.17.0.2 were able to access services on an Nginx server running in a different container at 172.17.0.3.

For your use case, it is possible that the traffic may be blocked by IPTables rules on your Docker host, or IPTables rules in other containers you want to access. You'll need to look into those yourself. Note that in this use case, when VPN clients access resources on other containers while connected to the VPN, it may appear that the traffic is from the VPN container 172.255.0.2, not from the client 192.168.43.x.

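The following is an added example, not part of the original thread or the project's code. It scans `iptables -S` output from the Docker host for rules that could affect the flow described in the comment above, using the VPN container address (172.255.0.2) as the source because that is what other containers may see. The rule set, the bridge name `br-vpn`, the target address 172.255.0.3 and all function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample of `iptables -S` output from a Docker host (not from the issue).
SAMPLE_RULES = """\
-P FORWARD DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -s 192.168.43.0/24 -d 172.255.0.0/16 -j ACCEPT
-A FORWARD -i br-vpn -o br-vpn -j DROP
-A DOCKER-USER -s 172.255.0.2/32 -d 172.255.0.3/32 -j REJECT --reject-with icmp-port-unreachable
-A DOCKER-USER -j RETURN
"""

def parse_rule(line):
    """Turn one `-A CHAIN ...` line into a dict of the options inspected here."""
    tokens = shlex.split(line)
    rule = {"chain": tokens[1], "raw": line}
    for flag, key in (("-s", "src"), ("-d", "dst"), ("-j", "target")):
        if flag in tokens:
            rule[key] = tokens[tokens.index(flag) + 1]
    return rule

def covers(cidr, addr):
    """True when the rule has no address match or its CIDR contains addr."""
    return cidr is None or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)

def matching_rules(rules_text, src, dst, targets=("DROP", "REJECT")):
    """Return rules with one of `targets` whose -s/-d could match src -> dst.

    Interface, protocol and negated ("!") matches are not evaluated, so the
    result is a list of candidates to inspect, not a verdict.
    """
    hits = []
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue
        rule = parse_rule(line)
        if (rule.get("target") in targets
                and covers(rule.get("src"), src) and covers(rule.get("dst"), dst)):
            hits.append(rule["raw"])
    return hits

def default_policy(rules_text, chain):
    """Return the chain policy from a `-P CHAIN POLICY` line, or None."""
    for line in rules_text.splitlines():
        parts = line.split()
        if parts[:2] == ["-P", chain]:
            return parts[2]
    return None
```

In the constructed rule set, the only ACCEPT rule is written for the client subnet 192.168.43.0/24, so it does not match traffic that arrives with the VPN container's address as its source, and that traffic falls through to the DROP policy and the blocking candidates.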