I use Laradock for my project, which attacks an external MySQL server. Recently, this server had been protected by Fortinet IPsec VPN. I work with Ubuntu 20.04, so I installed strongSwan as explained in this article.

After doing `sudo ipsec up MYSERVER`, I can access the MySQL server from the console.

However, from docker I get:

`SQLSTATE[HY000] [2002] No route to host`

Following this answer, I tried to add to my docker-compose.yml the following entry:

  extra_hosts:
    - "VPN_IP:192.168.150.74"

But I still get the same error; docker cannot connect to DB server.

(instead of VPN_IP I put the explicit IP, 192.168.150.74 is my local IP which is related to the VPN).

Any idea how to solve it?

guyaloni
  • It seems that your docker network can't find a route to the VPN network. You can try to manually add a route (route add ...). – Vinicius Jul 05 '22 at 11:52
  • @Vinicius, can you please add more information? I guess I should add something to `docker-compose.yml`? – guyaloni Jul 05 '22 at 17:14
  • I think it's not a problem with the containers. Usually containers have a default route to the bridge interface on the host machine itself. So all unknown destinations should be routed to the docker host machine. A `traceroute` from the docker container to the MySQL server would be interesting. Or a `tcpdump` on the bridge interface also could be helpful. – almdandi Aug 05 '22 at 08:50
  • Try to use `host` networking and see if this solves your problem https://docs.docker.com/network/host/ https://docs.docker.com/compose/compose-file/compose-file-v3/#network_mode – ttsakpc Aug 10 '22 at 11:55
  • It seems you need to enable forwarding in sysctl – Marcel Aug 11 '22 at 12:41
  • Also, `extra_hosts` is a directive that adds an entry to the `/etc/hosts` file in the container, it doesn't help at all with networking, it only helps to avoid issues with domain name resolution within containers. – Marcel Aug 11 '22 at 12:47
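
The host-side checks raised in the comments (forwarding state, and which device and source address the host uses to reach the database) can be collected with a short script. This is an added example, not part of the thread; the `--run` argument, the function names and the file name in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: host-side checks suggested in the comments above.
# Usage (hypothetical file name): sh vpn_route_check.sh --run <db-ip>

# Report the IPv4 forwarding flag; $1 overrides the path (used for testing).
forwarding_state() {
    flag_file="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$flag_file" ] || { echo unknown; return 0; }
    case "$(cat "$flag_file")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Print the word that follows keyword $1 (dev, src, via) in routing text on stdin.
route_field() {
    awk -v key="$1" '{ for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); exit } }'
}

# Summarise how the host would reach $1 and whether it forwards for containers.
run_checks() {
    db_ip="$1"
    echo "ip_forward:            $(forwarding_state)"
    route_line="$(ip route get "$db_ip" 2>&1 | head -n 1)"
    echo "route to $db_ip: $route_line"
    echo "  outgoing device:     $(echo "$route_line" | route_field dev)"
    echo "  source address:      $(echo "$route_line" | route_field src)"
    # Bridge addresses show which source subnets container traffic arrives from.
    echo "docker bridge subnets: $(ip -o -4 addr show | awk '$2 ~ /^(docker|br-)/ { print $4 }' | tr '\n' ' ')"
}

if [ "${1:-}" = "--run" ]; then
    run_checks "${2:?usage: --run <db-ip>}"
fi
```

Piping `ip route show default` from inside the container through `route_field via` prints the gateway the container sends unknown destinations to, which can be compared with the bridge addresses listed on the host.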

0 Answers