siomiz / SoftEtherVPN

A Docker Automated Build Repository for SoftEther VPN
https://hub.docker.com/r/siomiz/softethervpn/
MIT License

Shouldn't port 1701 be exposed as udp? #102

Open ricardofandrade opened 2 years ago

ricardofandrade commented 2 years ago

According to https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol#L2TP/IPsec that's a UDP port.

I'm having issues connecting from Apple devices (which start with an L2TP HELLO message on UDP 1701). I tried to switch the docker command to expose port 1701 as UDP, and by running tcpdump within the container I can at least see the HELLO messages coming. When exposed as TCP I see nothing, and on the client (macOS) I see unreachable packets, since 1701 is not open for UDP.

This is less about solving my problem with Apple devices (probably something else), and more about making sure the docs/Dockerfile are using the right settings.

ricardofandrade commented 2 years ago

Found my issue with Apple devices (a mistake apparently). Though I found out that actually I did not need to expose the port 1701 at all to make it work. The link above mentions:

Also, it is not necessary to open UDP port 1701 on firewalls

So apparently the same applies to exposed container ports. The link above also mentions the traffic in 1701 is internal, which I could see in the packet logs, such as:

2022-03-03,06:24:05.443,SID-SECURENAT-1,SID-...-[L2TP]-8,5EB0A80C8452,CA30F38F6AD8,0x0800,104,UDPv4,-,192.168.30.1,domain(53),192.168.30.10,64040,-,-,-,....,-,172.17.0.1(port=1701)

If that's true, 1701 could potentially be omitted from docs/Dockerfile.
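An added audit script (not part of the siomiz/softethervpn project or this thread) that checks a list of docker `-p` specs for the two points raised above: port 1701 published as TCP (Docker's default when no `/udp` suffix is given), and port 1701 published at all when IKE (UDP 500) and NAT-T (UDP 4500) are also published, since with L2TP/IPsec the L2TP traffic is carried inside ESP. It goes slightly beyond the thread by also reporting a missing 500/udp or 4500/udp, and assumes the `[ip:][hostPort:]containerPort[/proto]` spec form without port ranges or IPv6 literals.

```python
"""Constructed audit of docker -p specs for an L2TP/IPsec container.

Not project code. UDP 1701 (L2TP) is encapsulated in IPsec ESP, so only
IKE (UDP 500) and NAT-T (UDP 4500) need publishing; 1701 over TCP is a
protocol mismatch and 1701 over UDP is unnecessary exposure.
"""
from dataclasses import dataclass

L2TP_PORT = 1701
IPSEC_PORTS = {(500, "udp"), (4500, "udp")}  # IKE and NAT-T


@dataclass(frozen=True)
class Publish:
    host_port: int
    container_port: int
    proto: str


def parse_publish(spec: str) -> Publish:
    """Parse [ip:][hostPort:]containerPort[/proto]; proto defaults to tcp.

    Assumption: no port ranges and no IPv6 literals in the spec.
    """
    port_part, _, proto = spec.partition("/")
    proto = (proto or "tcp").lower()
    if proto not in ("tcp", "udp", "sctp"):
        raise ValueError(f"unknown protocol in {spec!r}")
    fields = port_part.split(":")
    container = int(fields[-1])
    # "ip::port" and bare "port" leave the host port to Docker; report the
    # container port there so the finding still names the right port.
    host = int(fields[-2]) if len(fields) >= 2 and fields[-2] else container
    return Publish(host, container, proto)


def audit(specs):
    """Return a list of human-readable findings for the given -p specs."""
    pubs = [parse_publish(s) for s in specs]
    published = {(p.container_port, p.proto) for p in pubs}
    findings = []
    for p in pubs:
        if p.container_port == L2TP_PORT and p.proto == "tcp":
            findings.append(f"{p.host_port}:{p.container_port}/tcp: "
                            "L2TP is UDP; TCP 1701 receives nothing")
        elif p.container_port == L2TP_PORT and IPSEC_PORTS <= published:
            findings.append(f"{p.host_port}:{p.container_port}/udp: "
                            "unnecessary, L2TP rides inside IPsec ESP")
    for port, proto in sorted(IPSEC_PORTS - published):
        findings.append(f"missing {port}/{proto}: L2TP/IPsec clients "
                        "cannot negotiate IPsec")
    return findings
```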