Docker Cisco Anyconnect Vpn



Started using docker at work again.

  • Jun 21, 2016 When not connected to my corporate network via Cisco AnyConnect VPN 4.2.03x, I can pull and run images from docker.io. When connected to the VPN, I cannot pull images from docker.io or my corporate internal registry. I’m not behind a proxy. Steps to reproduce the behavior. Connect to VPN; docker run hello-world.
  • Cisco AnyConnect VPN problem: There is an issue with using boot2docker and Cisco AnyConnect VPN. Basically its this: You can’t run any docker commands because AnyConnect doesn’t allow any split tunneling.
  • Connect to Cisco Any Connect VPN. Contribute to iwanttobefreak/docker-anyconnect-vpn development by creating an account on GitHub.
  • I am usign docker 18.03.1-ce-win65 (17513), Cisco AnyConnect Secure Mobility Client 3.1.12020 and Symatec Endpoint 14. When im on office and use cable everything works, but on home when I connect VPN I can't share drive with docker. Due to company policies, I am required to use this VPN client.

Reddit Docker Vpn environment variables: Windows. The docker -machine (on Cisco AnyConnect to use minikube with have Cisco AnyConnect running once connected, everything I had two separate machine. VPN doesn't work — How make docker to work support me on Patreon running Windows 7 with - Internal Suite Docker Client Using Docker to You're.

All the previous work is almost outdated and the old scripts are broken.Been getting issues all over the places.

Normally, I connect remotely over VPN using Cisco's AnyConnect Client.

Cisco Anyconnect Vpn Client Docker

Big one is not being able to connect to the docker-machine (on windows) while connected work's corporate network.`docker-compose` cannot connect to the docker containers.Error message is similar to:

This machine has been allocated an IP address, but Docker Machine could not reach it successfully.SSH for the machine should still work, but connecting to exposed ports, such as the Docker daemon port (usually <ip>:2376), may not work properly.You may need to add the route manually, or use another related workaround.This could be due to a VPN, proxy, or host file configuration issue.

Only solution I found that works is to port-forward then explicily set the DOCKER_HOST.This causes cert issues that can be overcome with env vars.

Using `docker-compose` to manage the containers, I couldn't get `–tls-verify` to do anything.

VBoxManage modifyvm 'default' –natpf1 'docker,tcp,2376,2376'

Anyconnect

$env:DOCKER_HOST='tcp://127.0.0.1:2376'

$env:DOCKER_TLS_VERIFY=';

docker-compose up

I have been waiting in anticipation for WSL2 (Windows Subsystem for Linux) and on May 28th when the update released for general availability I updated immediately.

At first I was super hyped. WSL2 and the Ubuntu 20.04 image just worked and ran smoothly and quickly. Combined it with the release version of Windows Terminal it was a real delight.

I also went and grabbed Docker Desktop for Windows as it now has support for WSL2 as the underlying system. And joy it just installed and worked. Now being capable of running Docker containers directly from my shell without doing some of doing it the way I did before having a Ubuntu VM running in VMware Workstation and connecting to it via docker-machine on my WSL1 Ubuntu image. A hassle to get to work and not a very smooth operation.

Having the option to just start Docker containers is amazing!

But then I had to get some actual work done and booted up VMware Workstation to boot a VM. And it failed. With a Device Guard error. I followed the guides and attempted to disable Device Guard to no avail. Then it dawned on my. WSL2 probably enables the Hyper-V role! And that is exactly what happened.

Hyper-V and Workstation (or VirtualBox for that matter) do not mix well – that is until VMware released Workstation 15.5.5 to fix this exact problem just the day after WSL2 released. Perfect timing!

Simple fix – just update Workstation to 15.5.5 and reboot and WSL2 and Workstation now coexisted fine!

I played a bit more with WSL2 in the following days but ended up hitting some wierd issues where networking would stop working in the WSL2 image. No real fixes found. Many indicate DNS issues and stuff like that. Just Google “WSL2 DNS not working” and look at the mountains of issues.

But I suspected something else because DNS not working was just a symptom – routing out of the WSL2 image was not working. Pinging IPs outside the image did not work. Not even the gateway IP. And if the default gateway is not working of course DNS is not working.

I found that restarting fixed the issue so got past it that way but today it was back. I was very interested in figuring out what happened. And then I realized the potential problem and tested the fix. I was connected to my work network via Cisco AnyConnect. I tried disconnecting from VPN and testing connectivity in WSL again – now it works. Connected to VPN again and connectivity was gone.

Okay – source found – what’s the fix? I found this thread on Github that mentions issues with other VPN providers even when not connected. Looking through the comments I found a reference to a different issue of the same problem but regarding AnyConnect specifically.

Cisco Anyconnect Vpn Client Settings

I looked through the comments and many fixes around changing DNS IP and other things but the fix that seem to do the trick was running the following two lines of Powershell in an elevated shell after connecting to VPN

Those two lines change the Interface Metric so that the WSL interface has a higher priority than the VPN connection. This inadvertently also fixed an issue that I had with local breakout when on VPN not working correctly.

Downside of the fix is that this needs to be run every time you connect to VPN. I implemented a simple Powershell function in my profile so I just have to open an elevated shell and type “Fix-WSLNet”.

That is all for now!