We just migrated our applications to a Docker environment. I have many containers running my Python application in my VM (4 containers per VM). This is a multi-tenant application.
This application needs to connect to specific customer infrastructure via an IPsec tunnel (using SSH and HTTPS). This means that each customer is assigned a container, and only this container can reach the remote network via the IPsec tunnel.
In the virtual machine world, I had OpenSwan installed and enabled a LAN-to-LAN VPN. My VPN established direct connectivity to the remote concentrator, and I reserved 1 VM per customer.
Now with the Docker infrastructure, in which our app is a microservice, is it OK to follow the same logic and install OpenSwan in the same Docker container as my app? Or does it make sense to install OpenSwan separately and have that container route the traffic?
VM - App + OpenSwan
VPN <------> VM

VM - [Docker App1] [Docker App2]

VM - [Docker App1 + OpenSwan] [Docker App2 + OpenSwan]
VPN <------> [Docker App1 + OpenSwan]
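As an added illustration, not part of the original post: one way to lay out the second option in Docker Compose, with a dedicated IPsec container per customer and that customer's app container sharing its network namespace (`network_mode: "service:..."`). Only the VPN container holds `NET_ADMIN` and the tunnel secrets, and an app container for another customer has no path into that tunnel. Image names, paths and the file layout are assumptions; the IPsec daemon image (Libreswan or strongSwan, for example) and its `ipsec.conf`/`ipsec.secrets` are supplied by you.

```yaml
# Added example, not from the original post. Image tags and paths are placeholders.
services:
  vpn-customer-a:
    image: ipsec-gateway:example        # placeholder: a Libreswan/strongSwan image
    cap_add:
      - NET_ADMIN                        # needed to install IPsec policies; only this container gets it
    volumes:
      - ./customer-a/ipsec.conf:/etc/ipsec.conf:ro
      - ./customer-a/ipsec.secrets:/etc/ipsec.secrets:ro   # PSK/cert stay out of the app image
    networks:
      - egress

  app-customer-a:
    image: my-python-app:example        # placeholder for the multi-tenant app image
    network_mode: "service:vpn-customer-a"   # shares the VPN container's netns: SSH/HTTPS to the
                                             # remote LAN leave through the tunnel, no NET_ADMIN here
    depends_on:
      - vpn-customer-a

  vpn-customer-b:
    image: ipsec-gateway:example
    cap_add:
      - NET_ADMIN
    volumes:
      - ./customer-b/ipsec.conf:/etc/ipsec.conf:ro
      - ./customer-b/ipsec.secrets:/etc/ipsec.secrets:ro
    networks:
      - egress

  app-customer-b:
    image: my-python-app:example
    network_mode: "service:vpn-customer-b"   # separate netns, so customer A's tunnel is unreachable
    depends_on:
      - vpn-customer-b

networks:
  egress: {}                            # shared only for reaching the public IPsec concentrators
```

A quick check after `docker compose up`: `docker compose exec app-customer-a ip route` should show the tunnel-side route(s) from the VPN container, while the same command in `app-customer-b` should not.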