hetzner private network with pfsense and a docker host - weird connectivity issue

  • I have a pfSense instance and a Docker host, both on a Hetzner private cloud network.
    This is the design:

    I followed this guide:

    The Docker host has no direct access to the internet; it has to go through the pfSense box. The Hetzner private network has a route that redirects all destinations through (as instructed in the Hetzner guide).

    The Docker host and the pfSense box can reach each other via ping, and the Docker host can reach the internet without problems. I will need firewall rules, but for the moment everything is wide open.

    The Docker containers can't reach the outside when making any HTTPS request that is too long; see the following logs:

    The error is "TCP Previous segment not captured".

    Do you guys have any suggestion as to where the issue might be? I'm quite certain it's not within the Docker networking, nor with the Hetzner private network: HTTPS transfers between the containers and the Docker host work, HTTPS transfers between the host and the internet work as well, and HTTPS transfers between the containers and the internet generate the above-mentioned error.
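The pattern in the post (small exchanges succeed, large HTTPS transfers through the pfSense hop fail with "Previous segment not captured") is the one a practitioner would first test for as a path-MTU mismatch: Hetzner cloud private networks carry a 1450-byte MTU, while Docker's default bridge hands containers 1500. The script below is an added example, not code from the original post or from Hetzner's guide. It bisects the path MTU toward a target with DF-bit pings (assumes Linux iputils `ping -M do`), then prints the MSS that fits and the `/etc/docker/daemon.json` fragment that pins the bridge MTU; the target address and the 576/1500 search bounds are assumptions. The probe is a function argument so it can be replaced (for instance by a fake in a test) without touching the search.

```bash
#!/bin/sh
# Added example (not from the post): locate the path MTU toward a target by
# bisection with DF-bit pings, then derive the Docker bridge MTU and TCP MSS
# that fit inside it.

# probe_df PAYLOAD TARGET: exit 0 if an ICMP echo carrying PAYLOAD data bytes
# with the DF bit set is answered, non-zero if it is dropped (too big) or lost.
# Assumes Linux iputils ping.
probe_df() {
    ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1
}

# find_pmtu TARGET [PROBE] [LO] [HI]: print the largest MTU (probe payload plus
# 28 bytes of IPv4+ICMP headers) in [LO, HI] that passes PROBE. Invariant of
# the loop: lo always passes, hi is untested or has failed.
find_pmtu() {
    target=$1
    probe=${2:-probe_df}
    lo=${3:-576}    # assumed floor: minimum IPv4 MTU worth considering
    hi=${4:-1500}   # assumed ceiling: Ethernet default
    if ! "$probe" $((lo - 28)) "$target"; then
        echo 0      # even the floor is blocked: ICMP filtered or host down
        return 1
    fi
    while [ $((hi - lo)) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$probe" $((mid - 28)) "$target"; then
            lo=$mid
        else
            hi=$mid
        fi
    done
    # hi may never have been probed (the original ceiling); check it once.
    if "$probe" $((hi - 28)) "$target"; then
        lo=$hi
    fi
    echo "$lo"
}

# mss_for_mtu MTU: largest TCP MSS that fits an IPv4 packet of MTU bytes
# (20-byte IP header + 20-byte TCP header). This is the value to clamp to on
# the router (pfSense exposes it as the per-interface MSS field).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# daemon_json MTU: /etc/docker/daemon.json fragment that makes the default
# bridge hand containers frames no larger than the underlay can carry.
daemon_json() {
    printf '{\n  "mtu": %s\n}\n' "$1"
}

main() {
    pmtu=$(find_pmtu "$1") || { echo "no DF ping reached $1" >&2; return 1; }
    echo "path MTU toward $1: $pmtu"
    echo "TCP MSS to clamp to: $(mss_for_mtu "$pmtu")"
    echo "daemon.json:"
    daemon_json "$pmtu"
}

# Usage: ./pmtu.sh 10.0.0.1   (10.0.0.1 is an assumed pfSense address)
if [ $# -gt 0 ]; then
    main "$@"
fi
```

If the reported MTU comes back at 1450 while the containers run at 1500, the fix is either the `daemon.json` value above (restart dockerd; existing networks keep their old MTU until recreated) or MSS clamping on the pfSense private-network interface, and ideally both, since clamping only protects TCP.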