This repository has been archived by the owner on Nov 2, 2022. It is now read-only.

Container-ised OpenConnect with patched support for Palo Alto vpn


robertbeal/openconnect


Now built from OpenConnect v8, which includes out-of-the-box support for Palo Alto Networks (PAN) authentication mode.

The example below runs the container in --read-only mode for a tiny bit of additional security. If you use read-only mode, you must also include the --tmpfs parameter.

docker run \
    --name openconnect \
    --init \
    --net host \
    --read-only \
    --tmpfs /var/run/vpnc:rw,size=1000k \
    --cap-add=NET_ADMIN \
    --device /dev/net/tun \
    --pids-limit 50 \
    --cpus="1" \
    --memory="512m" \
    -v /etc/resolv.conf:/etc/resolv.conf \
    --security-opt="no-new-privileges:true" \
    --interactive \
    --tty \
    robertbeal/openconnect:latest --protocol=gp <ip> --servercert sha256:<sha>

Small Issue

SIGTERM works (i.e. docker stop openconnect), but not in an elegant fashion. The vpnc-script doesn't revert /etc/resolv.conf, so you may find your host's /etc/resolv.conf is left in a messy state. When I have time I need to find out why openconnect isn't shutting down cleanly.

SIGINT (i.e. Ctrl+C), however, does fully work.
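One way to work around the issue above from the host, as an added example that is not part of this repository: snapshot /etc/resolv.conf before starting the container, stop it with SIGINT rather than SIGTERM, and restore the snapshot if the file was still left modified. The function names and the backup path are assumptions, as is SIGINT sent via docker kill being handled the same way as Ctrl+C.

```shell
#!/bin/sh
# Added example (not from the repository): guard the host's resolv.conf
# around the VPN container's lifetime. Paths and function names are assumptions.
RESOLV="${RESOLV:-/etc/resolv.conf}"
BACKUP="${BACKUP:-/var/tmp/resolv.conf.pre-vpn}"

# Call before `docker run`: keep a copy of the pre-VPN resolver config.
snapshot_resolv() {
    cp -p "$RESOLV" "$BACKUP"
}

# True (exit 0) when the live file differs from the snapshot.
resolv_is_dirty() {
    ! cmp -s "$RESOLV" "$BACKUP"
}

# Put the snapshot back only if the file was left modified.
# Writes in place instead of renaming, so a symlinked or bind-mounted
# resolv.conf keeps pointing at the same file.
restore_resolv() {
    if resolv_is_dirty; then
        cat "$BACKUP" > "$RESOLV"
        return 0
    fi
    return 1    # nothing to restore
}

# Stop with SIGINT, the signal the README reports as shutting down cleanly,
# then repair resolv.conf if the vpnc-script still left it changed.
stop_vpn() {
    docker kill --signal=SIGINT openconnect
    docker wait openconnect >/dev/null
    if restore_resolv; then
        echo "resolv.conf was left modified; restored from $BACKUP" >&2
    fi
}
```

Source the file, run snapshot_resolv before docker run, and call stop_vpn instead of docker stop; writing to /etc/resolv.conf needs root on the host.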
