Let Docker access the internet by passing through the VPN connection

My host machine, a laptop running Manjaro Linux, is connected via VPN to the internet. I use strongSwan, the open-source IPsec-based VPN solution.

IPsec with the IKEv2 protocol is fast and secure.

Now, Docker doesn’t work. Networking issues are a common problem with VPN and Docker.

You can piggyback your Docker container on the host network. That technique only works on Linux machines.

The Docker container doesn’t get its own network. But you can’t (and don’t need to) re-map ports.

Another approach is using the bypass-lan plugin. The method should also work on macOs and Windows.

You can enable the plugin under /etc/strongswan.d/charon/bypass-lan.conf:

bypass-lan {

    ## A comma-separated list of network interfaces for which connected subnets
    ## should be ignored, if interfaces_use is specified this option has no
    ## effect.
    ## interfaces_ignore =

    ## A comma-separated list of network interfaces for which connected subnets
    ## should be considered. All other interfaces are ignored.
    ## interfaces_use =

    ## Whether to load the plugin. Can also be an integer to increase the
    ## priority of this plugin.
    load = yes

}

Make sure to load the plugin. Example settings for /etc/strongswan.conf (modular configuration):

## strongswan.conf - strongSwan configuration file
#
## Refer to the strongswan.conf(5) manpage for details
#
## Configuration changes should be made in the included files

charon-systemd {
  threads = 16
  plugins {
  	include strongswan.d/charon/*.conf
	}
}
include strongswan.d/*.conf

Further Reading