hetzner private network with pfsense and a docker host - weird connectivity issue



  • I have a pfSense instance and a Docker host, both on a Hetzner private cloud network.
    This is the design:
    https://imagebin.ca/v/5NNDpuDwq9PT

    I followed this guide:
    https://community.hetzner.com/tutorials/how-to-route-cloudserver-over-private-network-using-pfsense-and-hcnetworks

    The Docker host has no direct access to the internet; it has to go through the pfSense box. The Hetzner private network has a route that redirects all destinations through 10.0.10.2 (as instructed in the Hetzner guide):
    https://imagebin.ca/v/5NNEp6IW50ZT

    The Docker host and the pfSense box can reach each other via ping, and the Docker host can reach the internet without problems. I will need firewall rules, but for the moment everything is wide open.

    The Docker containers can't reach the outside when making any HTTPS request that is too long; see the following logs:
    https://imagebin.ca/v/5NNG5mOOF3ZY

    The error is "TCP Previous segment not captured".

    Do you guys have any suggestion as to where the issue might be? I'm quite certain it's not within the Docker networking, and neither with the Hetzner private network: HTTPS transfers between the containers and the Docker host do work, HTTPS transfers between the host and the internet do work as well, and HTTPS transfers between the containers and the internet generate the above-mentioned error.
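A check worth running before touching firewall rules, added here as an example and not part of the original post: the symptom pattern (ping works, small requests work, long HTTPS requests stall with "previous segment not captured") is what a path-MTU mismatch between the container network and the private network looks like, so the script below measures the largest packet that passes with the Don't-Fragment bit set and derives the TCP MSS that fits. It assumes a Linux iputils `ping` (the `-M do` and `-s` flags), IPv4, and a reachable target such as `1.1.1.1`; that a 1450-byte private-network MTU is the cause is an assumption used only as a reference point, not something the post states. The search takes the probe as a function name so it can be exercised offline with a fake probe.

```shell
#!/bin/sh
# Added example (not from the original post): binary-search the path MTU
# from inside a container, then compute the MSS to clamp to.
# Assumptions: Linux iputils ping, IPv4, reachable target. The 1450-byte
# MTU mentioned in comments is an assumed reference value, not a fact
# taken from the post.

# probe_df SIZE TARGET: one ping with DF set and SIZE bytes of ICMP
# payload. Returns success only if an echo reply comes back, i.e. the
# whole packet (SIZE + 28 header bytes) fit through every hop.
probe_df() {
    ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1
}

# pmtu_search LOW HIGH PROBE TARGET: largest payload in [LOW, HIGH] that
# PROBE accepts, reported as path MTU (payload + 20 IPv4 + 8 ICMP bytes).
pmtu_search() {
    low=$1; high=$2; probe=$3; target=$4
    best=0
    while [ "$low" -le "$high" ]; do
        mid=$(( (low + high) / 2 ))
        if "$probe" "$mid" "$target"; then
            best=$mid            # this size passed; try larger
            low=$(( mid + 1 ))
        else
            high=$(( mid - 1 ))  # dropped or needed fragmentation; try smaller
        fi
    done
    echo $(( best + 28 ))
}

# mss_for_mtu MTU: TCP payload that fits in one packet on that path
# (MTU minus 20-byte IPv4 header minus 20-byte TCP header, no options).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# Real run from inside a container (uncomment):
#   mtu=$(pmtu_search 500 1500 probe_df 1.1.1.1)
#   echo "path MTU $mtu; clamp MSS to $(mss_for_mtu "$mtu")"
# A result of 1450 (MSS 1410) would point at the private network's MTU,
# while the Docker bridge still assumes 1500; clamping MSS on the pfSense
# interface or lowering the bridge MTU closes that gap.
```

Run it from inside an affected container and compare with the same probe from the Docker host itself; if the host sees a larger path MTU than the container, the mismatch is on the Docker side, otherwise it lies on the pfSense or private-network side.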