Routing issue with Docker and VLANs

Post by Wiggle » 2020/05/28 08:13:15

Hi guys,

I'm facing an issue and don't really know how to solve it, so I need your help.

I have 1 server with 2 NICs:
- eno1 is in VLAN 2 and has an IP (GW
- eno2 is a trunk
  - eno2.4 is in VLAN 4 (GW .254)
  - eno2.5 is in VLAN 5 (GW .254)

I have some Docker hosts running, so I need to enable ipv4.forwarding.
Most of my hosts are only reachable via VLAN 2, but I created a Docker container using macvlan and mapped it to eth2.5 (OpenVPN container).

I can successfully connect to the OpenVPN from outside and get an IP address in my VPN subnet (
I can successfully ping or reach devices within VLAN 2 from the OpenVPN subnet (for example ping and HTTPS to works), but my problem is reaching my server IP: ping is KO and I can't access any port.

I figured out that in order to reach (client in VLAN 2), traffic is sent to the gateway 5.254 (NAT is taking place at the Docker container level), but as I can reach other devices in VLAN 2 there is no issue with that.
When the traffic's destination is the server IP (, the traffic is not sent to the gateway due to the routing taking place at the CentOS kernel level (directly connected route), but then with a traceroute I can see asymmetric routing going on.

IP routes and rules are configured correctly, as all other traffic matches the rules/routes created.

Yesterday I tried to manually delete the local routes to VLAN 5 and it worked for a while, but then it stopped working. I found out that my interface was deleted (, so I assume it was working due to the cache of my router (.254 for each VLAN) that had a route cached, and when it expired it couldn't reach the VLAN 5 interface.

Do you guys have any idea how I can access my server from my OpenVPN subnet?
I can't delete ipv4.forward, as otherwise I can't access my Docker containers...

Thanks in advance.
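The symptom in the post (other VLAN 2 hosts are reachable from the macvlan container, the Docker host's own address is not, and traceroute shows an asymmetric path) matches a documented Linux macvlan limitation: a macvlan interface in bridge mode never exchanges frames with its own parent interface, so when the host routes a reply to the container straight out the parent (here the directly connected VLAN 5 route), the container never sees it. The usual workaround is to give the host a second macvlan "shim" on the same parent and pin the container's address to it. The script below is an added example, not from the original post, and every name and address in it is an assumption: the post redacts its IPs, so the documentation range 192.0.2.0/24 stands in for VLAN 5, and the shim name is made up. It also prints the sysctls worth checking, because strict rp_filter on CentOS drops exactly the asymmetric packets the post describes.

```shell
#!/bin/sh
# Added example (not from the original post). Creates a host-side macvlan
# "shim" on the trunk sub-interface so the Docker host can talk to a macvlan
# container on that VLAN. Without it, host -> container frames leave on the
# parent interface and are never delivered to the macvlan child.
#
# Assumptions (nothing here comes from the post except the interface name):
#   PARENT     trunk sub-interface carrying VLAN 5 (post: eno2.5)
#   SHIM       assumed name for the host-side macvlan interface
#   SHIM_ADDR  assumed spare host address in VLAN 5 (documentation range)
#   CONTAINER  assumed address of the macvlan (OpenVPN) container
PARENT="${PARENT:-eno2.5}"
SHIM="${SHIM:-macvlan5-shim}"
SHIM_ADDR="${SHIM_ADDR:-192.0.2.250/32}"
CONTAINER="${CONTAINER:-192.0.2.10}"

# Emit the commands that build the shim and route the container through it.
# The /32 route via the shim is more specific than the connected /24 via the
# parent, so only traffic to the container changes path.
macvlan_shim_cmds() {
    parent="$1"; shim="$2"; addr="$3"; target="$4"
    printf 'ip link add %s link %s type macvlan mode bridge\n' "$shim" "$parent"
    printf 'ip addr add %s dev %s\n' "$addr" "$shim"
    printf 'ip link set %s up\n' "$shim"
    printf 'ip route add %s/32 dev %s\n' "$target" "$shim"
}

# Print the sysctls that matter here. ip_forward must stay 1 for Docker;
# rp_filter=1 (strict) on an interface drops packets whose reverse route does
# not point back out that interface, which is what asymmetric routing produces.
# rp_filter=2 (loose) only requires that the source be reachable at all.
show_forwarding_sysctls() {
    iface="$1"
    for key in net/ipv4/ip_forward \
               net/ipv4/conf/all/rp_filter \
               "net/ipv4/conf/$iface/rp_filter"; do
        printf '%s = %s\n' "$key" "$(cat "/proc/sys/$key" 2>/dev/null || echo 'n/a')"
    done
}

# Dry run by default; "--apply" executes the generated commands as root.
if [ "${1:-}" = "--apply" ]; then
    macvlan_shim_cmds "$PARENT" "$SHIM" "$SHIM_ADDR" "$CONTAINER" | sh -e
else
    macvlan_shim_cmds "$PARENT" "$SHIM" "$SHIM_ADDR" "$CONTAINER"
    show_forwarding_sysctls "$PARENT"
fi
```

Run it without arguments first to see the exact `ip` commands and the current ip_forward/rp_filter values for the parent interface; run it with `--apply` as root to create the shim. The shim does not survive a reboot, so once it works the same four commands belong in a NetworkManager dispatcher script or a systemd unit.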
