Unable to connect to docker on Anyconnect VPN Unable to connect to docker on Anyconnect VPN docker docker

Unable to connect to docker on Anyconnect VPN


docker vpn docker-toolbox

I've really like OpenConnect (which supports more configuration options than network-manager-openconnect). Even hideous installations that require csd-wrapper usually work well.

AnyConnect breaks docker networks in a weird way and they stay broken even after you exit the VPN (even if you stop vpnagentd afterwards).

The workaround is to stop docker, clear all its networks and bridges and only then start the AnyConnect VPN. You can start docker after the VPN session ends and it will re-create all necessary stuff.

I created a script to workaround this unfortunate behavior that does exactly this:

#!/bin/sh# usage: #   vpn.sh [start]#   vpn.sh stop    if [ "$1" = "stop" ]; then    /opt/cisco/anyconnect/vpn/vpn disconnect    sudo systemctl stop vpnagentd    echo "Cisco VPN stopped"    echo "Starting docker"    sudo systemctl start dockerelse    echo "Stopping docker"    sudo systemctl stop docker    bridges=$(sudo brctl show | cut -f1 | tail -n +2)    for b in $bridges; do        sudo nmcli connection delete $b        sudo ip link set dev $b down        sudo brctl delbr $b    done    echo "Starting Cisco VPN"    sudo systemctl start vpnagentd    /opt/cisco/anyconnect/vpn/vpn connect 'VPN-NAME'fi

Note: A VPN admin can prevent you from using OpenConnect and force you to use Cisco AnyConnect only but you might a better experience if LocalLanAccess is enabled in your VPN profile.

docker vpn docker-toolbox

The following worked for me.

Try using OpenConnect instead of Anyconnect:

sudo apt install openconnectsudo apt install network-manager-openconnect

and then (for Ubuntu 16 at least) comment out the line dns=dnsmasq, so it becomes like this:

$ cat /etc/NetworkManager/NetworkManager.conf[main]plugins=ifupdown,keyfile,ofono#dns=dnsmasq

Then add a connection using NetworkManager to your VPN provider and connect. (NetworkManager -> Edit connections -> Add. Then select Connection type to be VPN -> Cisco Annyconnect)

Reboot and reconnect, and now docker containers should have access to internet.

docker vpn docker-toolbox

You can configure your local route table.usually the docker_endpoint is 192.168.x.x, in order to let it go to local network rather than vpn, you can add route rule as below.route add 192.168.0.0 mask 255.255.0.0 192.168.0.1 -p-p means to add it permanently.then run below command to see if it's set.route print

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last