Cisco's AnyConnect VPN and docker-compose
Started using docker at work again.
All the previous work is almost outdated and the old scripts are broken. Been getting issues all over the place.
Normally, I connect remotely over VPN using Cisco's AnyConnect Client.
Big one is not being able to connect to the docker-machine (on Windows) while connected to work's corporate network. `docker-compose` cannot connect to the docker containers. Error message is similar to:
This machine has been allocated an IP address, but Docker Machine could not reach it successfully. SSH for the machine should still work, but connecting to exposed ports, such as the Docker daemon port (usually <ip>:2376), may not work properly. You may need to add the route manually, or use another related workaround. This could be due to a VPN, proxy, or host file configuration issue.
Only solution I found that works is to port-forward then explicitly set the DOCKER_HOST. This causes cert issues that can be overcome with env vars.
Using `docker-compose` to manage the containers, I couldn't get `--tls-verify` to do anything.
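```powershell
# Forward host port 2376 to port 2376 on the "default" VM (NAT rule named "docker")
VBoxManage modifyvm "default" --natpf1 "docker,tcp,,2376,,2376"
# Point the Docker client at the forwarded port
$env:DOCKER_HOST="tcp://127.0.0.1:2376"
# Clear DOCKER_TLS_VERIFY to get past the cert issues
$env:DOCKER_TLS_VERIFY='';
docker-compose up
```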
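
A tighter variant of the workaround above, as an added example that is not from the original post: the empty host-IP field in the `docker,tcp,,2376,,2376` rule makes VirtualBox listen on every host interface, so this version binds the forward to loopback only and restores the environment variables after the run. The VM name `default` and port 2376 come from the post; the rule name `docker-lo` is made up for this example, and the VM is assumed to be running.

```powershell
# Added example, not from the original post.
$vm   = 'default'    # docker-machine VM name, from the post
$port = 2376         # Docker daemon port, from the post
$rule = 'docker-lo'  # hypothetical rule name chosen for this example

# Existing NAT rules look like: Forwarding(0)="ssh,tcp,127.0.0.1,2222,,22"
# Fields: name,proto,hostip,hostport,guestip,guestport (empty hostip = all interfaces)
$rules = @(& VBoxManage showvminfo $vm --machinereadable |
    Select-String '^Forwarding\(\d+\)="(.+)"$' |
    ForEach-Object {
        $f = $_.Matches[0].Groups[1].Value -split ','
        [pscustomobject]@{ Name = $f[0]; HostIp = $f[2]; HostPort = $f[3] }
    })

# Remove any rule that publishes the daemon port beyond loopback
# (the post's "docker,tcp,,2376,,2376" rule is one of these).
$exposed = @($rules | Where-Object { $_.HostPort -eq "$port" -and $_.HostIp -ne '127.0.0.1' })
foreach ($r in $exposed) {
    Write-Warning "Replacing rule '$($r.Name)': host port $port is not bound to loopback"
    & VBoxManage controlvm $vm natpf1 delete $r.Name
}

$loopback = @($rules | Where-Object { $_.HostPort -eq "$port" -and $_.HostIp -eq '127.0.0.1' })
if ($loopback.Count -eq 0) {
    # controlvm applies the rule to a running VM (modifyvm is for a powered-off VM)
    & VBoxManage controlvm $vm natpf1 "$rule,tcp,127.0.0.1,$port,,$port"
}

if (-not (Test-NetConnection 127.0.0.1 -Port $port -InformationLevel Quiet)) {
    throw "Nothing is answering on 127.0.0.1:$port"
}

# Scope the post's environment changes to one run, then put the old values back.
$saved = @{ DOCKER_HOST = $env:DOCKER_HOST; DOCKER_TLS_VERIFY = $env:DOCKER_TLS_VERIFY }
try {
    $env:DOCKER_HOST       = "tcp://127.0.0.1:$port"
    $env:DOCKER_TLS_VERIFY = ''   # as in the post; the daemon's certificate is not verified while cleared
    docker-compose up
}
finally {
    foreach ($k in $saved.Keys) {
        # A null or empty value deletes the variable, which restores "was not set"
        [Environment]::SetEnvironmentVariable($k, $saved[$k], 'Process')
    }
}
```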
You could try
Giving the docker-machine VM its own subnet didn't work for me. I guess without split mode enabled/set up, the VPN takes all connections.
```powershell
docker-machine create --driver virtualbox --virtualbox-hostonly-cidr "25.0.1.100/24" dev
```
Also getting the devops guys to open the 2376 port locally should work.
sources
- https://www.iancollington.com/docker-and-cisco-anyconnect-vpn/ <-- this is the pure `docker` version
- https://docs.docker.com/compose/reference/envvars/#compose_api_version
- https://stackoverflow.com/questions/33992729/cannot-get-docker-machine-to-work-with-virtualbox-when-using-cisco-vpn-anyconnec#34026467