I’m trying to route traffic from a Docker container through a VPN tunnel on my Ubuntu server, but I'm encountering issues with routing. Here’s the setup and what I’ve tried so far:
Setup:
Docker Container IP Address:
172.20.0.2Docker Custom Bridge Network Subnet:
172.20.0.0/16VPN Interface:
vti1VPN Local IP Address:
192.168.200.1VPN Peer IP Address:
10.129.20.2Default Route:
default via 142.93.128.1 dev eth0Routing Table
vpn:default via 192.168.200.1 dev vti1
Current Routing and IP Rules:
$ ip route show
default via 192.168.200.1 dev vti1172.20.0.0/16 via 192.168.200.1 dev vti1root@dockeronubuntu2204-s-1vcpu-1gb-ams3-01:~# ip route showdefault via 142.93.128.1 dev eth0 proto static10.18.0.0/16 dev eth0 proto kernel scope link src 10.18.0.510.110.0.0/20 dev eth1 proto kernel scope link src 10.110.0.210.129.20.0/27 dev vti1 scope link142.93.128.0/20 dev eth0 proto kernel scope link src 142.93.141.70172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1172.18.0.0/16 dev br-db5a54d34c53 proto kernel scope link src 172.18.0.1 linkdown172.20.0.0/16 dev br-60ce34a14131 proto kernel scope link src 172.20.0.1192.168.200.0/24 via 192.168.200.1 dev vti1$ ip route show table vpn
default via 192.168.200.1 dev vti1172.20.0.0/16 via 192.168.200.1 dev vti1$ ip rule show
0: from all lookup local216: from 172.20.0.0/16 lookup vpn217: from 172.18.0.0/16 lookup vpn218: from 192.168.96.0/20 lookup vpn220: from all lookup 22032766: from all lookup main 32767: from all lookup defaultip addr show vti1 gives:
18: vti1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000 link/ipip 192.168.200.1 peer 10.129.20.2 inet 192.168.200.1/24 scope global vti1 valid_lft forever preferred_lft forever inet 192.168.200.2/24 scope global secondary vti1 valid_lft forever preferred_lft forever inet6 fe80::5efe:c0a8:c801/64 scope link valid_lft forever preferred_lft foreverIssue: When I attempt to ping 192.168.200.1 from the container with IP 172.20.0.2, the traffic doesn’t seem to be routing through the VPN, I checked using tcpdump -i vti1. On the other hand, trying to ping 192.168.200.0, I do see the traffic going through vti1, and the ping returns: From 192.168.200.1 icmp_seq=1 Destination Host Unreachable.
Does anyone know what I am missing? It seems to me that the vpn interface is not properly configured to handle traffic through 192.168.200.0/24, although I am very new into IT and do not know where to look anymore to solve the problem.
Additional Information:
I’m using Ubuntu 22.04 on the server.
The Docker container is connected to a custom bridge network.
