@jinnko
Forked from codemedic/vpn-docker-fix
Last active May 1, 2020 12:07
Fix connectivity from docker network through host IPSec / Strongswan VPN
#!/usr/bin/env bash
# Give a Docker network access to the IPSec VPN terminated on the Docker host
#
# Usage: [dry_run=1] [debug=1] vpn-docker-fix [<a-docker-network-name-or-id>]
#
# Env Variables:
# docker_network - Defaults to docker0
# dry_run - Set to 1 for a dry run that only prints the iptables commands
# debug - Set to 1 to see bash substitutions
# Abort on the first failing command (-e) and on any reference to an unset variable (-u).
set -eu
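#######################################
# Print a diagnostic line to stderr, keeping stdout free for callers.
# Arguments: the message words; they are joined with single spaces
# Outputs:   one line on stderr
#######################################
_log_stderr() {
  # printf instead of echo: a message starting with -n/-e (or containing
  # backslashes) would otherwise be eaten or reinterpreted by echo.
  printf '%s\n' "$*" >&2
}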
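#######################################
# Run a command, or only print it when dry-running.
# Globals:   dry_run (read; 1 = print the command instead of running it)
#            debug   (read; 1 = print the command before running it)
# Arguments: the command and its arguments, one word each
# Outputs:   the command line on stderr when dry_run or debug is 1
# Returns:   the command's exit status, or 0 when dry-running
#######################################
_dry_run() {
  if [ "$dry_run" = 1 ] || [ "$debug" = 1 ]; then
    _log_stderr "$*"
  fi
  if [ "$dry_run" = 1 ]; then
    return 0
  fi
  # Execute the argument vector as-is. The previous `eval "$@"` re-parsed every
  # word, so an argument containing spaces, quotes or other shell metacharacters
  # (e.g. a user-supplied network name) was interpreted instead of passed literally.
  "$@"
}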
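# Resolve the debug, dry_run and docker_network settings from the environment.
#   debug          - 1 traces every command with set -x and implies dry_run
#                    unless dry_run was set explicitly
#   dry_run        - 1 only prints the iptables commands
#   docker_network - network name or id; falls back to the first positional
#                    argument, then to docker0
if [ "${debug:=0}" = 1 ]; then
  set -x
  : "${dry_run:=1}"
fi
: "${dry_run:=0}"
# ${1:-docker0} (with the dash) is the default-value expansion. The earlier
# ${1:docker0} was a substring expansion, so the documented docker0 default
# was never applied and an absent argument tripped set -u instead.
: "${docker_network:=${1:-docker0}}"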
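# Translate the network name or id into its bridge interface name (br-<id>).
# The `name` filter key is lowercase and matches on all or part of a name, so
# a short name may match several networks; refuse to guess in that case.
net_hash=$(docker network ls -qf "name=${docker_network}")
if [ -z "$net_hash" ]; then
  _log_stderr "Docker network '$docker_network' not found"
  # `return` is only valid inside a function or a sourced script; at top level
  # it is an error that does not stop the script, so use exit.
  exit 1
fi
case $net_hash in
  *$'\n'*)
    _log_stderr "Docker network '$docker_network' matches more than one network; pass its id instead"
    exit 1
    ;;
esac
docker_network="br-$net_hash"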
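# vpnSubnet - every CIDR installed in routing table 220 (strongSwan's default
# routing table); empty when no tunnel is up.
mapfile -t vpnSubnet < <(ip route list table 220 | grep -o '^[0-9.]*/[0-9]*')
# ${#vpnSubnet[@]} is the element count; the earlier ${#vpnSubnet} was the
# string length of element 0 and only worked by accident.
if [ "${#vpnSubnet[@]}" -eq 0 ]; then
  _log_stderr "VPN not active"
else
  # defaultRouteInterface - the host interface carrying the default route
  defaultRouteInterface="$(ip route show | awk '/^default/ { print $5 }')"
  # dockerSubnet - the docker network's CIDR, i.e. the source range that is
  # granted access to the VPN. The interface name is passed to awk with -v and
  # compared as a whole field, never interpolated into a regex.
  dockerSubnet="$(ip route show | awk -v dev="$docker_network" '
    { for (i = 1; i < NF; i++) if ($i == "dev" && $(i + 1) == dev) print $1 }')"
  # virtualIP - the host's virtual IP inside the VPN: the `src` of the table-220
  # routes leaving through the default-route interface.
  virtualIP="$(ip route show table 220 | awk -v dev="$defaultRouteInterface" '
    { ok = 0
      for (i = 1; i < NF; i++) if ($i == "dev" && $(i + 1) == dev) ok = 1
      if (ok) for (i = 1; i < NF; i++) if ($i == "src") print $(i + 1) }' | sort -u)"
  # Fail with a clear message instead of handing iptables an empty or
  # multi-line address.
  [ -n "$dockerSubnet" ] || { _log_stderr "No route found for interface '$docker_network'"; exit 1; }
  [ -n "$virtualIP" ] || { _log_stderr "No VPN source address found on '$defaultRouteInterface'"; exit 1; }
  case $virtualIP in
    *$'\n'*) _log_stderr "More than one VPN source address found: $virtualIP"; exit 1 ;;
  esac
  # Source-NAT traffic from the docker subnet to each VPN subnet so it leaves
  # with the host's virtual IP and is accepted by the tunnel's traffic selector.
  # Note: -I always inserts, so running the script twice adds duplicate rules.
  for subnet in "${vpnSubnet[@]}"; do
    _dry_run sudo iptables -t nat -I POSTROUTING 1 -o "$defaultRouteInterface" -d "$subnet" -s "$dockerSubnet" -j SNAT --to-source "$virtualIP"
  done
fi
# As the script's last command, `[ "$debug" = 1 ] && set +x` made the exit
# status 1 whenever debugging was off; an explicit if keeps the status clean.
if [ "$debug" = 1 ]; then
  set +x
fi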