-
Notifications
You must be signed in to change notification settings - Fork 2k
OSX 10.11, Docker 1.9.1 and Cisco AnyConnect 4.1.02011 #2632
Comments
You have to either do the creation and usage of Machine without the VPN enabled, or add the route to the VM on the host only network manually. |
Alternatively, you could just run |
Thanks for the response! docker-machine ssh does work. How do you add the route on the VM? |
Something like should work: #1500 (comment) |
I am having similar issues trying to get it to work while on VPN. I was able to get reconnected after disconnecting from VPN though. I first had to make sure I was on the latest VirtualBox (VirtualBox 5.0.12) - I was on 5.0.0 chantra comment is valid, my challenge was figuring out the vboxnet name. To do this find out your current hostonlyifs
Then run chantra's command the the name Then run the docker-machine environment command. Then run the eval call |
This also seems related ( #2258 ). |
Okay, will this still allow me to access the Docker host via IP address in a browser? I have a couple containers running on my Docker host -- one with a webapp and the other with a database. I want to ensure that after I make this change I will still be able to use the IP address of the Docker host/VM to access the database and webapp. Thanks, |
@formerlyKurt If you use the Alternatively, might be able to use SSH port forwarding. e.g. if your webapp and database ports are $ docker-machine ssh default -L 8080:localhost:8080 -L 6379:localhost:6379 -N |
Somehow adding the route is not working for me. I ran the command:
But when I run
I get:
Be advised that this will trigger a Docker daemon restart which will stop running containers. I've tried removing the route and re-adding it and get the same error. What am I missing here? |
@formerlyKurt The output of Are you sure that's the correct vbox interface? What's the output of |
@nathanleclaire sadly, this seems to be the right interface.
|
What's the output of the |
With the
|
@formerlyKurt are u able solve this issue? I have similar issue with ciscoVpn. |
@cloudsan42 I was not able to resolve this issue. Hoping that @nathanleclaire has a good suggestion. Found instructions on port forwarding in the boot2docker docs but that did not resolve this issue. :( |
same here :-) |
Same exact behavior as @formerlyKurt on my cisco VPN:
|
As a note... I just tried out http://www.infradead.org/openconnect/ and ALL of my cisco anyconnect problems go away. Default routes aren't messed with. So it turns out it's not company VPN setup, and it's not my computer and it's not docker or virtual box. It's just AnyConnect doing stupid stuff! |
One possible workaround (although not perfect) is to use SSH port forwarding. |
@kelsin if only I could take that path. Security group would, and I quote, 😱 As it stands right now, I seem to be having difficulty connecting to VPN. @dantran @cloudsan42 have you tried the suggestion by @nathanleclaire? |
ssh port forwarding works for me |
Hey guys, just to be clear, AnyConnect can "own" your routes if configured to do so. If this is the case, as it is for me, you can try to modify your routes all day long and it will make no difference. Unfortunately this is considered a security feature to prevent split routing. Is there any way to get docker-machine to bind to localhost and port forward :2376 to localhost instead of the hostonly adapter? |
At present, there's no way to do this directly in i.e.: $ docker-machine ssh default -L 2376:localhost:2376 -fN
$ eval $(docker-machine env)
$ export DOCKER_HOST=:2376
$ docker info
Containers: 8
Running: 0
Paused: 0
Stopped: 8
Images: 17
...
Labels:
provider=virtualbox By the way, I would be happy to consider proposals or PRs to enable this as a more first-class feature of Machine (e.g. |
I followed some of the hacks mentioned above in vain. Is there any documented workaround for this issue. Issue really stalling our docker development largely. please help. I am using |
@sadhasivam Have you tried using the open-source version of Cisco's VPN client, I can confirm that openconnect works with Docker Machine (and Dinghy) while connected to my office's Cisco SSL VPN. I'm on the latest El Cap release (btw I think you have a typo there – no Mac OS 10.11.14 release yet). |
Fwiw Cisco Anyconnect administrators can easily enable policy's which prevent users from using openconnect. Sent from mobile
|
@mattlubner corrected the typo. i haven't tried openconnect yet. let me check and ping back the group. |
Very similar issues on Windows 7 64-bit using Juno Pulse. I have to create the VM off of the VPN (which is fine), but once I connect to the VPN I can no longer interact with the VM through Docker. What's odd is that I can still SSH in to the machine and ping it. Still playing with some port forwarding things and some routing, but so far nothing has solved it with my particular setup. |
@nathanleclaire those steps didn't work for me. Here's what happened:
So, I thought maybe you meant to add
I basically got the same error message (above). Running the
|
looked for a solution for hours, thanks @nathanleclaire for the solution with the ssh port forwarding |
I struggled with this issue on and off for the last few weeks and this is what worked for me: http://www.iancollington.com/docker-and-cisco-anyconnect-vpn/. Thank you Ian! |
Folks. With the latest Mac OSX Docker binaries, Ref: (beta.docker.com) everything simplified to the core. Since VirtualBox image concept is removed in the latest version. Anyconnect is not the stopper AnyMore checkout blog.docker.com for more information. |
This should do all the machinery required for setting up docker-machine with local port forwarding: https://github.com/onejli/docker-vpn-helper. Plus explains very well where problems are in using docker-machine with a VPN that intercepts all the traffic. |
Is there a preferred method of running Docker on a Mac when connected to a VPN? Running
docker-machine create --driver virtualbox default
results in the following:
Anyone have a solution for this?
Thanks!
The text was updated successfully, but these errors were encountered: