Public and private network in swarm mode

With the new swarm mode, it is not possible to run VPN containers, as they require privileged access.
So, what is the recommended way to create an admin-private network?

The goal is to be able to access admin tools or admin ports in a secure way without exposing them to the internet.


I have the same question. I’d like the whole setup to be on private subnets.

One option I thought about was to keep the public subnets but to restrict access to them, so only whitelisted IPs can reach them.

Prefer an all-private solution though.

Same question here… we have several private services (no port published), and public services (with published ports) which consume the private services. We would like to access some private services from outside for audits/monitoring/etc… through a VPN service connected to the same networks as the private services we want to access.
@jalberto did you find a way to create a VPN to access private services inside swarm? Or is there a better way to do this?

Thank you