Making the firewall allow Multipath TCP packets

If a Multipath TCP-capable guest VM cannot communicate with the Internet, first check the firewall on the host:

# iptables -L FORWARD
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

The catch-all REJECT at the end of the FORWARD chain rejects every forwarded packet, the guest's Multipath TCP SYNs included. You need to accept packets carrying the Multipath TCP option (TCP option kind 30, which carries MP_CAPABLE on the initial SYN and MP_JOIN on the SYN of each additional subflow) before that rule is reached.

# iptables -D FORWARD -p all -j REJECT --reject-with icmp-host-prohibited
# iptables -A FORWARD -p tcp --tcp-option 30 -m state --state NEW -j ACCEPT
# iptables -A FORWARD -p all -j REJECT --reject-with icmp-host-prohibited

The REJECT is deleted and re-appended only so that the ACCEPT ends up ahead of it; inserting the ACCEPT with -I FORWARD instead of -A gives the same order without touching the REJECT. Two caveats before relying on this. The ACCEPT matches only the packet that opens a connection (state NEW, i.e. the SYN carrying MP_CAPABLE or MP_JOIN); every later packet of that connection, starting with the SYN/ACK, still traverses FORWARD, so unless a rule earlier in the chain already accepts ESTABLISHED,RELATED traffic, add one ahead of the REJECT as well, or the connection never completes. And the rule names no interface or source address, so it admits new Multipath TCP connections in both directions, from the Internet toward the guest as much as from the guest outward; restrict it with -i on the guest bridge and -s on the guest subnet if the guest is only meant to initiate connections.
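The same change as a re-runnable script, added here as an example and not taken from the page: it inserts the ACCEPT rules ahead of the REJECT (so the REJECT never has to be deleted), adds the ESTABLISHED,RELATED rule the commands above lack, and restricts the Multipath TCP rule to the guest bridge and subnet. The bridge name virbr0 and the subnet 192.168.122.0/24 are assumptions (libvirt-style defaults, overridable via the environment), the sample chain dump is constructed to match the listing above, and -m conntrack --ctstate is the current spelling of the page's -m state --state. Without the argument "apply" the script only reports the commands it would run.

```shell
#!/bin/sh
# Added example, not from the original page: open the FORWARD chain for
# Multipath TCP from a guest bridge by inserting ACCEPT rules ahead of the
# host's catch-all REJECT instead of deleting and re-appending it.
# BRIDGE and GUEST_NET are assumptions (libvirt-style defaults); override
# them in the environment.  Run as root with the argument "apply" to change
# the live ruleset; without it the script only reports what it would do.
set -eu

BRIDGE="${BRIDGE:-virbr0}"
GUEST_NET="${GUEST_NET:-192.168.122.0/24}"

# Rule specification (everything after the chain name) that admits only the
# opening packet of a Multipath TCP connection coming from the guest side.
# MP_CAPABLE and MP_JOIN both ride in TCP option kind 30, so the primary
# connection and its extra subflows are covered; conntrack NEW limits the
# match to the first packet, the rest is handled by the state rule below.
mptcp_new_rule() {
    printf '%s' "-i $1 -s $2 -p tcp --tcp-option 30 -m conntrack --ctstate NEW -j ACCEPT"
}

# The NEW rule matches only the first packet of a connection; the SYN/ACK
# and everything after it must be let through by connection state.
established_rule() {
    printf '%s' "-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Take the output of "iptables -S FORWARD" and return the 1-based rule
# number of the first catch-all REJECT, which is where the ACCEPTs must be
# inserted.  If there is no REJECT, append (position = rule count + 1).
reject_position() {
    printf '%s\n' "$1" | awk '
        /^-A FORWARD / { n++ }
        /^-A FORWARD / && /-j REJECT/ && !found { print n; found = 1 }
        END { if (!found) print n + 1 }'
}

# Insert each rule before the REJECT unless it is already present
# (iptables -C exits 0 when an identical rule exists), so the script can be
# re-run without duplicating rules.
apply_rules() {
    pos=$(reject_position "$(iptables -S FORWARD)")
    for spec in "$(established_rule)" "$(mptcp_new_rule "$BRIDGE" "$GUEST_NET")"; do
        # word splitting of $spec is intended: it is a list of arguments
        if ! iptables -C FORWARD $spec 2>/dev/null; then
            iptables -I FORWARD "$pos" $spec
        fi
    done
}

# Constructed sample of "iptables -S FORWARD" on a host whose chain matches
# the listing on the page (the policy line and the single REJECT rule).
SAMPLE_CHAIN='-P FORWARD ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# Dry run: print the exact commands apply_rules would execute against the
# given chain dump (defaults to the constructed sample).
report() {
    chain="${1:-$SAMPLE_CHAIN}"
    pos=$(reject_position "$chain")
    printf 'iptables -I FORWARD %s %s\n' "$pos" "$(established_rule)"
    printf 'iptables -I FORWARD %s %s\n' "$pos" "$(mptcp_new_rule "$BRIDGE" "$GUEST_NET")"
}

if [ "${1:-}" = apply ]; then
    apply_rules
else
    report
fi
```

Both rules are inserted at the same position, so the Multipath TCP rule lands directly above the state rule and both sit above the REJECT; running the script a second time is a no-op because iptables -C finds the rules already in place.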