We’re experiencing a very annoying issue. When we run Rancher (1.1.2) with SSL enabled we aren’t able to run any containers that use networking. If we disable SSL and go back to just http we’re able to run all of our stacks and containers again. The rancher-server logs start having errors about not being able to update ipsec-hosts. The errors start to show up as soon as a container with networking is started. Restarting the Rancher network instance fixes the issue until another container with networking is started.
From the rancher-agent-instance (0.8.3) point of view the ipsec tunnels seem to be fine; swanctl --list-sas shows them as being established, and charon.log and rancher-net.log aren’t showing any errors.
The closest bug I could find is https://github.com/rancher/rancher/issues/4825 but it doesn’t mention SSL at all.
The server and nodes are running on CentOS 7 in an OpenStack environment and Docker 1.10.3 and 1.11.2 were both tried.
All of this is unfortunately on an air-gapped network; otherwise I could provide more detail with logs.