I would like to be able to access the internal swarm network from my workstation (so I can debug or access internal services), but neither --privileged nor --cap-add exists in docker service. So far I am trying:
This has worked fine for me so far, but it can be a bit tedious setting up a lot of tunnels. I’m actually looking into setting up a VPN instead and would imagine the process to work similarly to the tunnel.
Regarding your particular problem - it looks like you’ve got services on different networks. I’d add the VPN as a service to your swarm (like I do in the SSH tunnel setup described above). I remember vaguely that there are issues with attachable networks in docker swarm.