IPsec
Revision as of 13:56, 13 October 2015 by Sergey Bronnikov (talk | contribs)
For IPsec to work inside a container:
- Kernel 042stab084.8 or later
- The following kernel modules must be loaded before container start:
af_key esp4 esp6 xfrm4_mode_tunnel xfrm6_mode_tunnel
- Capability
net_admin
must be granted to a container
Tested with libreswan.
Limitations:
- online migration on a Container with IPsec inside - does not work