Container traffic not being routed through VPN tunnel

Goal:
To exchange traffic from an API, running in a Docker container on Ubuntu 22.04, to a remote endpoint through a VPN tunnel.

The VPN tunnel has been configured using strongSwan directly on the host and is up and running:

Security Associations (1 up, 0 connecting):
  vpn-alblas[24]: ESTABLISHED 9 seconds ago, 206.189.100.202[206.189.100.202]...185.121.180.68[185.121.180.68]
  vpn-alblas{8}:  INSTALLED, TUNNEL, reqid 3, ESP SPIs: ce7ce5a0_i 7776cdd6_o
  vpn-alblas{8}:   192.168.200.0/24 === 10.129.20.0/27

The custom network the containers are running on looks like this:

[
    {
        "Name": "api-network",
        "Id": "7088cde099fe3c3665bfebbe1e57ee86aa3022169e536877f690216e6ef1c082",
        "Created": "2024-08-26T13:53:12.474275182Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.200.0/24",
                    "Gateway": "192.168.200.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "8a62839d0f665320ec18f68998097bf626c6bd9af98a1f8dbec5f01de90b4f8e": {
                "Name": "caddy_server",
                "EndpointID": "a38a2d0a0d64443302de74f015d1d2a94455d235e01ce876bf148ff0071e3849",
                "MacAddress": "02:42:c0:a8:c8:03",
                "IPv4Address": "192.168.200.3/24",
                "IPv6Address": ""
            },
            "ce8d44410523f01209633b812d4063f8866c2c9bdedcc51b17d62ff37fafb1f0": {
                "Name": "fastapi_app",
                "EndpointID": "2ed03000bc0bf022b23d5664ca47c42cc441389e9b8ad2391aeb86afd65d4489",
                "MacAddress": "02:42:c0:a8:c8:02",
                "IPv4Address": "192.168.200.2/24",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

When I enter the container using docker exec -it fastapi_app /bin/sh and run traceroute 10.129.20.2, the packet reaches the VPN-gateway, but then gets routed onto the public internet instead of through the tunnel:

traceroute to 10.129.20.2 (10.129.20.2), 30 hops max, 60 byte packets
 1  ZES-Communications (192.168.200.1)  0.095 ms  0.021 ms  0.015 ms
 2  5.101.110.7 (5.101.110.7)  1.746 ms  1.690 ms  1.700 ms
 3  143.244.192.34 (143.244.192.34)  1.971 ms 143.244.192.30 (143.244.192.30)  1.717 ms 143.244.192.34 (143.244.192.34)  1.729 ms
 4  143.244.224.74 (143.244.224.74)  1.844 ms 143.244.224.82 (143.244.224.82)  2.024 ms 143.244.224.74 (143.244.224.74)  2.044 ms
 5  * * *

Upon investigating, I came across the following doc:

https://docs.strongswan.org/docs/5.9/howtos/cloudPlatforms.html

Reading this, it looks like Docker containers do not have the required privileges to set up a VPN connection. I tried to add to these privileges by running the container with: docker run --cap-add=NET_ADMIN --cap-add=NET_RAW --device=/dev/net/tun --network api-network -d --name fastapi_app eg-zes-eq-api-fastapi with no success.
I also tried to MASQUERADE traffic outgoing through api-network, also with no success.

At the moment I am considering reconfiguring the VPN to my internal IP address instead of the Docker subnet. I suspect there is a mismatch due to the fact that strongSwan is installed on the host and the containers are on a custom network.

Can anyone confirm or refute this idea and point me in the right direction?

Thanks in advance!
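
An added diagnostic example, not part of the original post: it models one interaction that can produce the traceroute above, namely source NAT in the host's POSTROUTING chain rewriting the container address before the outbound IPsec policy lookup, so the packet no longer matches 192.168.200.0/24 === 10.129.20.0/27. The traffic selectors and host address come from the post; the iptables lines, the bridge name "br-api", the default outgoing interface "eth0" and all function names are assumptions made for the example, since the post does not show the host's NAT rules.

```python
import ipaddress
import re

# Traffic-selector line and local IKE endpoint, both copied from the post.
STATUS_LINE = "  vpn-alblas{8}:   192.168.200.0/24 === 10.129.20.0/27"
HOST_IP = "206.189.100.202"
LOCAL_TS, REMOTE_TS = (ipaddress.ip_network(n) for n in
                       re.search(r"(\S+) === (\S+)", STATUS_LINE).groups())

# Constructed `iptables -t nat -S POSTROUTING` lines; "br-api" is a hypothetical bridge name.
DOCKER_DEFAULT = "-A POSTROUTING -s 192.168.200.0/24 ! -o br-api -j MASQUERADE\n"
EXEMPTION = ("-A POSTROUTING -s 192.168.200.0/24 -d 10.129.20.0/27 "
             "-m policy --dir out --pol ipsec -j ACCEPT\n")

def in_policy(src, dst):
    """True when the flow matches the IPsec traffic selectors."""
    return (ipaddress.ip_address(src) in LOCAL_TS
            and ipaddress.ip_address(dst) in REMOTE_TS)

def rule_matches(tokens, src, dst, oif):
    """Evaluate the -s/-d/-o/--pol matches of one rule, honouring '!' negation."""
    ok, negate = True, False
    for i, tok in enumerate(tokens):
        if tok == "!":
            negate = True
            continue
        if tok in ("-s", "-d"):
            addr = ipaddress.ip_address(src if tok == "-s" else dst)
            hit = addr in ipaddress.ip_network(tokens[i + 1])
        elif tok == "-o":
            hit = oif == tokens[i + 1]
        elif tok == "--pol":
            hit = in_policy(src, dst)
        else:
            continue
        ok, negate = ok and (hit != negate), False
    return ok

def source_after_nat(rules, src, dst, oif):
    """The first matching POSTROUTING rule decides; MASQUERADE rewrites the source."""
    for tokens in (line.split() for line in rules.splitlines()):
        if tokens[:2] == ["-A", "POSTROUTING"] and rule_matches(tokens, src, dst, oif):
            return HOST_IP if tokens[-1] == "MASQUERADE" else src
    return src

def enters_tunnel(rules, src, dst, oif="eth0"):
    """The outbound IPsec policy lookup sees the post-NAT source address."""
    return in_policy(source_after_nat(rules, src, dst, oif), dst)
```

With only the masquerade rule, the flow from 192.168.200.2 to 10.129.20.2 leaves with the host address and misses the selectors; with the policy-match exemption listed first, the container address is preserved and the flow matches.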