1,734
edits
Changes
no edit summary
For IPsec to work inside a container:
* Kernel 042stab084.8 or later
* Kernel module The following kernel modules must be loaded before container start:: <code>af_keyesp4 esp6 xfrm4_mode_tunnel xfrm6_mode_tunnel</code> must be loaded before starting containers
* Capability <code>net_admin</code> must be granted to a container
Tested with libreswan.
Limitations:
* online migration on a Container with IPsec inside - does not work
[[Category: HOWTO]]
[[Category: Networking]]
[[Category: TRD]]
