It is impossible to establish IPsec connection from PCS host to container

Last Updated: Jul 24, 2016 07:54PM UTC

Symptoms

An IPsec/VPN connection from a PCS 6.0 host (acting as the client) to a container in bridged mode (acting as the server) on the same PCS 6.0 host does not work, because too many packets are lost.

Cause

The implementation of virtual networks and bridged mode in PCS 6.0 relies on the via_phys_dev feature, which keeps the MAC address of the bridge equal to the MAC address of the physical interface. With this option the server routes all traffic for unknown destinations through the plugged physical interface, and the feature ensures that only one physical interface is plugged into the bridge.

This reduces the resources needed for traffic forwarding and simplifies bridge management in virtual environments: there is no need to move the whole network configuration from the physical interface to the bridge interface when the physical interface is attached to the bridge.

For this specific type of VPN connection, the feature results in packets being sent in the wrong direction most of the time.
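The condition described above is easy to confirm from the host: with via_phys_dev in effect, the bridge reports the same MAC address as the physical interface plugged into it. The following POSIX shell script is an added illustration, not part of the original article or of the PCS product, and it reads the addresses from sysfs; the interface names br0 and eth0 and the SYSFS_ROOT override (used only so the check can be exercised against a fake directory tree) are assumptions.

```shell
#!/bin/sh
# Detect a bridge that shares its MAC address with its physical interface
# (the via_phys_dev behaviour described in the article). Added example; the
# interface names and the SYSFS_ROOT override are assumptions.

# Root of the per-interface sysfs tree; overridable for offline testing.
SYSFS_ROOT="${SYSFS_ROOT:-/sys/class/net}"

iface_mac() {
    # Print the MAC address of interface $1; fail if the interface is absent.
    cat "$SYSFS_ROOT/$1/address" 2>/dev/null
}

bridge_shares_mac() {
    # $1 = bridge name, $2 = physical interface name.
    # Exit status: 0 when both report the same MAC, 1 when they differ,
    # 2 when either interface cannot be read.
    br_mac=$(iface_mac "$1") || return 2
    phys_mac=$(iface_mac "$2") || return 2
    [ "$br_mac" = "$phys_mac" ]
}

report() {
    # Human-readable verdict for a bridge/physical-interface pair.
    if bridge_shares_mac "$1" "$2"; then
        echo "$1 and $2 share MAC $(iface_mac "$1"): via_phys_dev-style bridge," \
             "so a host-to-container IPsec tunnel over this bridge is affected"
        return 0
    fi
    rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "cannot read $1 or $2 under $SYSFS_ROOT"
    else
        echo "$1 ($(iface_mac "$1")) and $2 ($(iface_mac "$2")) have distinct MACs"
    fi
    return "$rc"
}

# Stand-alone use on a PCS 6.0 host; br0/eth0 are assumed names.
if [ -d "$SYSFS_ROOT/br0" ]; then
    report br0 eth0
fi
```

Run it on the host as `sh bridge_mac_check.sh`; a "share MAC" verdict means the bridge is in the configuration the Cause section describes, and the Resolution section's advice applies.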

Resolution

In the long term, the via_phys_dev feature is to be removed in future versions.

Apart from that, there is no need to secure connections between the host server and an environment running on the same host:

  1. connections via the venet0 interface in routed mode are always secure: containers have no way to receive traffic destined for other containers;
  2. promiscuous mode for virtual environments in bridged mode is disabled by default; apart from the traffic destined for the virtual environment itself, only broadcast packets can be captured, because the Linux bridge, acting as a network switch, controls delivery;
  3. there is a very easy way to set up a dedicated connection with a virtual environment: add an Ethernet interface to it and use the corresponding host-side interface (vethCTID.N for containers, vmeENVID.N for virtual machines) to send packets to that environment.
