Docker container and host network VPN

I'm trying to run docker image on MacOS with VPN turned on (TUN device). Docker container can access internet, but is not able to access resources behind vpn. What is the right way to make Docker go to VPN network?

I've tried docker run --net host to make docker share host network, it didn't help. Host can access VPN resources, docker container can't resolve their names..

I had to restart docker after connecting host machine to VPN.

sudo systemctl restart docker docker start {name-of-container}

Not sure if it's best solution.

I took DNS that appears on my host after connecting to VPN

scutil --dns | grep 'nameserver\[[0-9]*\]'
nameserver[0] : xxx.xxx.xxx.xxx

Modified docker run command:

docker run --cidfile="docker.pid" --dns=xxx.xxx.xxx.xxx --publish-all

Now docker container can access resources behind VPN... It works, but I have no idea if it's good or bad...

I had this exact problem. I tried other solutions suggested here, but they didn't work for me. After a lot of trial and error this solution worked very nicely:

Add "bip": "192.168.1.5/24" to the daemon.json configuration file. This file can be found in the docker desktop settings under docker engine or at /etc/docker/daemon.json. BIP is the setting for bridge IP addresses and will change the IPs docker assigns in its subnet. By changing this setting I avoided conflicts between VPN and docker ip addresses.

Restart docker daemon.

Stop all containers.

Run ‘docker network prune’ to remove unused networks.

Restart all containers. This will recreate their networks with the new IP addresses.

You may still need to restart docker after connecting to the VPN in the future. See this thread for other solutions and ideas: https://github.com/docker/for-mac/issues/2820

Had a similar problem. OP's solution worked, but so did simply restarting my docker vm:

docker-machine restart $host

Inspiration: https://www.reddit.com/r/docker/comments/39z4xd/when_my_docker_host_is_connected_to_vpn_i_can_no/

What worked for me was to change docker subnet mask from /24 to /28, then restarted and I can now ping, telnet and other things on my vpn network. It says the default is /28 but docker desktop ships with /24 on it. Maybe it's a typo, I don't know.

Had this issue on docker version 3.6.0 (67351) running on Mac

What worked for me is combining the solutions posted by @Sheridan Rea and @Marco

1. Changed Docker subnet to 192.168.65.0/28. It was set to 192.168.63.0/24 before. Clicked Apply & Restart / Restart Docker

2. Run docker network prune

3. Run docker compose up

Simply changing Docker subnet didn't worked for me

Now I can ping IP addresses behind VPN