I am using Docker 19.03.5 on Ubuntu 18.04. Usually, I can access all the containers. Everything is OK, but the real problem arises when I connect my machine to a VPN client (Cisco AnyConnect). I cannot access any containers as soon as I connect to the VPN. Is there any way I can access Docker containers even while connected to a VPN?
- Try to delete docker networks: `docker network prune` – Ashok Oct 25 '20 at 18:23
- Make a diff network for docker, see the 33 votes answer here: [How make openvpn work with docker](https://stackoverflow.com/questions/45692255/how-make-openvpn-work-with-docker) – Lawrence Cherone Oct 25 '20 at 18:34
- I tried deleting docker networks, but it did not work – Abdullah Toufiq Oct 25 '20 at 18:45
3 Answers
I have faced this problem and tried all possible solutions available on the Internet, but nothing worked. It looks like the Cisco AnyConnect VPN takes exclusive control over the routing of the system, and any changes made do not show any effect.
The following worked for me. Instead of Cisco AnyConnect, use OpenConnect VPN. Both use the same protocol. To download:

```
sudo apt install openconnect network-manager-openconnect network-manager-openconnect-gnome
```

Reboot your PC and then go to VPN Settings -> Multi-protocol VPN client (open connect) and provide the settings as per your organisation's requirements.

That's because the VPN is configured to use full tunnelling. The network administrator should configure a split-tunnelling profile.

Full tunnelling:

```
[PC] ---> [VPN] ---> { all networks
```

Split tunnelling:

```
[PC] ------> [VPN] ---> [Configured networks]
        \-----> [Internet / other networks]
```

Another thing you can try is editing the routes. You can add a route pointing to your container IP and specifying the right network adapter; then you have to set a higher priority on this route than on the default gateway of the VPN.

- @abdullah-toufiq if my answer helped, I would appreciate it if you could vote it up or mark it as the answer. You can also tell me why it doesn't fix your problem if that is the case. – vinalti Jan 22 '22 at 23:15
- After switching to the OpenConnect VPN client from the Cisco AnyConnect VPN client, the issue was resolved – Abdullah Toufiq Jan 23 '22 at 12:00
This issue is not related to Docker daemon / container settings. The VPN server configuration is to blame (disabled split-include or prohibited local network access).
Because of that, you have limited options for resolving this:
- Ask the VPN server administrator to allow split-include (MikroTik terminology)
- Check the AnyConnect client settings for something like "route all traffic through VPN" and disable it
- Create custom static routing on your machine to access a specific IP range (servers behind the VPN server) through the interface created by the AnyConnect client

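
The route-priority checks suggested in the answers above can be made concrete with a small diagnostic; this is an added example, not code from any of the posters. It parses constructed `ip route show` output (interface names and addresses are sample values) and reports which container IPs the main routing table would send out through the VPN interface. It assumes longest-prefix-then-lowest-metric selection in the main table only, and does not model policy rules or firewall filtering that a VPN client may add.

```python
import ipaddress

# Constructed `ip route show` output for a host with a full-tunnel VPN up.
# Interface names and addresses are sample values, not taken from the page.
SAMPLE_ROUTES = """\
default dev cscotun0 scope link metric 10
default via 192.168.1.1 dev wlp2s0 proto dhcp metric 600
172.16.0.0/12 dev cscotun0 scope link metric 10
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/24 dev cscotun0 scope link metric 10
172.18.0.0/16 dev br-1a2b3c proto kernel scope link src 172.18.0.1
192.168.1.0/24 dev wlp2s0 proto kernel scope link src 192.168.1.23 metric 600
"""

def parse_routes(text):
    """Turn `ip route show` lines into (network, device, metric) tuples."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok:
            continue  # skip blank lines and routes without an egress device
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(dest, strict=False)
        dev = tok[tok.index("dev") + 1]
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((net, dev, metric))
    return routes

def egress(routes, addr):
    """Pick the winning route: longest prefix first, then lowest metric."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))

def hijacked(routes, container_ips, vpn_dev):
    """Return the container IPs whose traffic would leave via the VPN device."""
    return [ip for ip in container_ips
            if (r := egress(routes, ip)) and r[1] == vpn_dev]

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for ip in ("172.17.0.2", "172.18.0.5", "172.18.1.5"):
        net, dev, metric = egress(table, ip)
        print(f"{ip:12} -> {dev:10} via {net} (metric {metric})")
    print("sent into VPN:", hijacked(table, ["172.17.0.2", "172.18.0.5"], "cscotun0"))
```

On a live host, `ip route get <container-ip>` shows the kernel's actual choice, including any policy rules.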