Make Deutsche Bahn WiFi work with a Linux laptop + Docker

tl;dr WiFi doesn't work because you have Docker installed on your laptop! Shutdown Docker and surf happily ever after.

Big shout out to Armbruster IT that led me in their blog post to the issue of Docker's network configuration that overlaps with Deutsch Bahn Wifi. In the follwoing post I'll walk you through moving the Docker's networks to different IP address ranges.

Identifying the issue

On the trains of Deutsche Bahn WiFi uses the IP networks 172.16.0.0/16 to 172.18.0.0/16. Docker's default network 172.17.0.0/16 sits right in the middle and might interfere with DB WiFi on some trains. In addition, Docker allows user defined bridge networks that occupy additional IP networks. If you're using docker-compose these additional networks are automatically created right behind the default network, e.g. starting at 172.18.0.0/16. This will increase the chances of Docker interfering with DB WiFi. In fact, I wasn't able to use DB WiFi for long time on my laptop.

There are two ways of finding out whether your laptop is affected by the issue. First, connect to DB WiFi.

Option 1: Right-click on the network icon in the system tray and open Connection Information. Compare the IP addresses of all network interfaces. If the same IP network is used on multiple interfaces your laptop is affected by the issue.

Option 2: Open a terminal and list all IP network routes by running the command ip r s. The output should look something like this. In my case multiple network bridges have been created by Docker, one of them is using the same IP network (172.18.0.0) as my WiFi interface (wlp59s0).

% ip r s
default via 172.18.0.1 dev wlp59s0 proto dhcp metric 600
169.254.0.0/16 dev wlp59s0 scope link metric 1000
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/24 dev wlp59s0 proto kernel scope link src 172.18.154.222 metric 600
172.18.0.0/16 dev br-1364b6d8194f proto kernel scope link src 172.18.0.1 linkdown
172.19.0.0/16 dev br-c66b62063149 proto kernel scope link src 172.19.0.1 linkdown

BTW, I didn't experience any network issues in the DB Lounge. These Wifi networks use completely different IP address ranges that are most common in home network settings.

Solving the issue

Quick an dirty (temporary)

The easiest solution is to temporarily shutdown Docker. The following terminal command should do that on all Linux systems that use systemd: sudo systemctl stop docker.service

Now, reconnect to DB Wifi end enjoy the trip :-D

Start Docker again after leaving the train: sudo systemctl start docker.service

Permanent fix

In order to fix the issue the Docker configuration file /etc/docker/daemon.json has to be adjusted (or created if it doesn't exist yet) and the currently configured Docker bridges need to be cleaned up.

Cleanup

Let's first do the cleanup. If you've used docker-compose before a number of networks have been created that need to be removed manually. Let's list all Docker networks: sudo docker network ls

% sudo docker network ls
NETWORK ID          NAME                            DRIVER              SCOPE
428fdda9c2b5        bridge                          bridge              local
1364b6d8194f        project_network                 bridge              local
82bc0405ed96        host                            host                local
029f363dbb5a        none                            null                local

You can ignore the networks with the names bridge, host, and none because they're internal Docker networks. In my case the only relevant network is project_network. To remove it take the network id and feed it into the remove command: sudo docker network rm [NETWORK ID]

Now, the network list should only contain the internal Docker networks:

% sudo docker network ls
NETWORK ID          NAME                            DRIVER              SCOPE
428fdda9c2b5        bridge                          bridge              local
82bc0405ed96        host                            host                local
029f363dbb5a        none                            null                local

Hint: Sometimes a network configuration is hard-coded in the docker-compose.yml configuration file. In this case removing the network now will only fix the issue until you run docker-compose again. For a permanent fix adjust the network configuration in your project.

Adjust daemon.json

The last step is to adjust the Docker daemon configuration. We'll set the IP address and network of the default Docker network bridge and we'll also specify one or multiple IP address pools that are used to create networks by docker-compose. Pick two free IPv4 networks (one for the Docker network bridge and the other for the address pool) that are not in conflict with any of the networks that you're using on a regular basis.

Stop Docker: sudo systemctl stop docker.service

Create the file /etc/docker/daemon.json with the following content and replace the IP address and the IP networks:

{
        "bip": "10.199.0.1/16",
        "fixed-cidr": "10.199.0.0/16",
        "default-address-pool": [{"scope":"local","base":"10.200.0.0/16","size":24}],
        "default-address-pools": [{"scope":"local","base":"10.200.0.0/16","size":24}]
}

Hint: The IP address pool can only be set in the configuration if you're using a recent version of Docker. The feature has been integrated in March 2018.

Start Docker again (sudo systemctl stop docker.service) and test (ip r s) if the configuration is correct. Connect to the Wifi and enjoy the ride :-D

Summary

It took a good deal of research to find the solution and it also takes a bit of effort to configure it. Unfortunately, the issue could easily pop up again in a different network. With IPv4 we have to be on the watch - a truly permanent solution doesn't exist. Hope you'll not run into it any time soon.