@cjellick Correct. After playing with this a bit more, I have worked out where I was going wrong, so that it at least allows the public side to work as expected.
I was expecting the address range to be one of the visible IP ranges, the subnet's private range (172.77.)/Docker container range (10.42.), but instead, after digging deeper, I found that it is actually the (172.17.*) Rancher? range.
After allowing communication for these ranges on UDP ports 500 & 4500 and SSH for UI to hosts' public IPs, everything started working again.
Maybe the range it’s expecting could probably be added to the ‘Add Host’ page? This would have helped me at least. (Didn’t want a blanket catch-all 0.0.0.0/0.)
Given the information that you provided, private hosts would be impossible currently? So ticking private IP would be a bad idea, at least for now? I do plan to have some hosts private only, for DBs, back-end services, etc. I have attached an image that may explain what I am trying to achieve better. All outgoing is currently unrestricted.
Thanks for your help