Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Traffic to containers via NAT stops working when using IPSec to encrypt network connections #244
Using Windows Server 1709 or 1803 we are attempting to use IPSec encryption along with Windows Containers using NAT. For example:
IPSec is being enabled via standard WFP configuration with:
We can reproduce this issue with Cloud Foundry which uses hcsshim as part of the https://github.com/cloudfoundry/winc component and we also see the same behavior using Docker, such as:
It appears that this is a fundamental limitation with WinNAT / HNS / WFP but we aren't sure if some combination of settings can make this work.
FYI, we requested Microsoft update their documentation to make it clear that IPSec to the container is not supported at this time:
It is being considered for inclusion in a future version of Windows per Microsoft support.