Again: Cross-host intercontainer communication trouble

Hi,
I have referenced the article “Cross-host intercontainer communication trouble”, but it can’t solve my problem.

I have two hosts; every host has one network adapter.
HOST A: ip: 192.168.1.26 (running rancher/server and rancher/agent)
ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:50:56:ab:27:4f brd ff:ff:ff:ff:ff:ff
inet 192.168.1.26/24 brd 192.168.1.255 scope global ens32

HOST B: ip: 192.168.1.27 (running rancher/agent)
ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:50:56:ab:6b:7e brd ff:ff:ff:ff:ff:ff
inet 192.168.1.27/24 brd 192.168.1.255 scope global ens32

(h3c fw dnat: 112.112.112.1:8080 -> 192.168.1.26:8080)
On Host A:
docker run -d --restart=always -p 8080:8080 rancher/server
Open the URL: 112.112.112.1:8080

then add host A:
sudo docker run -e CATTLE_AGENT_IP=192.168.1.26 -d --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v0.9.2 http://112.112.112.1:8080/v1/scripts/1889F6AEE8DAE97968BC:1457794800000:A4rZOfxsh2yVvTzUtRpXLXnNms

then add host B:
sudo docker run -d --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v0.9.2 http://112.112.112.1:8080/v1/scripts/52A2A908C43C77A0B7E4:1457791200000:oJ9DZ0VHpVnwDg0lpXxg1o7mu9M

My problem is:
Containers started on the same host can ping each other, but containers on different hosts do not see each other.

I can’t confirm whether I started rancher-agent :-e CATTLE_AGENT_IP= 192.168.1.26

Please help me. Thanks.

Do you have UDP ports 500 and 4500 open on both hosts? These are required for the IPSec networking to work.

Yes, in docker ps -a I can see them.
But:
On 192.168.1.26:
nc -u 192.168.1.27 4500

On 192.168.1.27:
nc -u 192.168.1.26 4500

Not successful.

Do the hosts have the correct IP on the UI?

Same issue here.

I have 2 hosts (boot2docker 1.11.0) running on vSphere VMs.

  • 172.16.99.105
  • 172.16.99.106

VMs can ping each other.

All containers on one host can ping each other on the managed network, but communication to containers on the other host isn't possible over the managed network.

It looks like 500/UDP and 4500/UDP aren't mapped correctly into the rancher/agent-instance:v0.8.1

nc -u 172.16.99.105 4500 doesn't get a connection on 172.16.9.106 and vice versa

docker ps shows
897ebd05a0ca rancher/agent-instance:v0.8.1 "/etc/init.d/agent-in" 8 minutes ago Up 8 minutes 0.0.0.0:500->500/udp, 0.0.0.0:4500->4500/udp 07e33149-ac58-4400-885e-9c3fef432f34

0.0.0.0:500->500/udp, 0.0.0.0:4500->4500/udp -> is this correct??
Shouldn't it be simply 500->500/udp on a host with one interface, or bound to the interface IP like 172.16.99.105:500->500/udp?

One more note:

If I go to edit the network agent in the UI, there is a possibility to set [IP:]Port for ipSec communication between hosts. It is by default mapped 4500->4500/udp and 500->500/udp.

If I put the correct public host IP in front, like 172.16.99.105:4500, save and then go back again, only 172 is saved in the field, so it looks like it's not allowed to enter an IP address in the field, even if the help text says so.
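
Added example, not part of any post in this thread: a small check that reads a `docker ps` line and reports whether UDP 500 and 4500 are published on an address that a given host IP reaches. In Docker's PORTS column a `0.0.0.0:` prefix means the port is bound on all host interfaces. The function names and the second sample line are constructed for illustration.

```python
import re

# UDP ports the thread names as required for Rancher's IPsec networking.
REQUIRED = [(500, "udp"), (4500, "udp")]

# One published entry in the PORTS column: [host_ip:]host_port->container_port/proto
MAPPING = re.compile(
    r"(?:(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):)?(?P<hport>\d+)->(?P<cport>\d+)/(?P<proto>tcp|udp)"
)

def published_ports(ps_line):
    """Return {(host_port, proto): bind_ip} for each published mapping in the line."""
    found = {}
    for m in MAPPING.finditer(ps_line):
        # No explicit IP in the mapping is treated like 0.0.0.0 (all interfaces).
        found[(int(m["hport"]), m["proto"])] = m["ip"] or "0.0.0.0"
    return found

def check_ipsec_publish(ps_line, host_ip):
    """Per required port: 'ok', 'missing', or 'bound to <other ip>'."""
    found = published_ports(ps_line)
    report = {}
    for key in REQUIRED:
        bind = found.get(key)
        if bind is None:
            report[key] = "missing"            # exposed-only entries like "4500/udp" land here
        elif bind in ("0.0.0.0", host_ip):
            report[key] = "ok"                 # reachable via host_ip as far as Docker is concerned
        else:
            report[key] = "bound to " + bind   # published, but on a different address
    return report

# The `docker ps` line quoted in the thread (host 172.16.99.105).
THREAD_LINE = ('897ebd05a0ca rancher/agent-instance:v0.8.1 "/etc/init.d/agent-in" '
               '8 minutes ago Up 8 minutes 0.0.0.0:500->500/udp, 0.0.0.0:4500->4500/udp '
               '07e33149-ac58-4400-885e-9c3fef432f34')
# Constructed counter-example: 500 on loopback only, 4500 exposed but not published.
CONSTRUCTED_LINE = ('aaaaaaaaaaaa example/image "cmd" Up 1 minute '
                    '127.0.0.1:500->500/udp, 4500/udp demo')

if __name__ == "__main__":
    for line in (THREAD_LINE, CONSTRUCTED_LINE):
        print(check_ipsec_publish(line, "172.16.99.105"))
```

An "ok" result covers only Docker's port publishing; a host or network firewall between the two machines can still drop the UDP traffic.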