I have been working on building my daily toolset as Docker containers. This would allow me to more easily replace my workstation as needed and be able to more easily share my tools with my team.
As I have been working on this, one of the first things I needed to look at was how I VPN into private environments. Cisco AnyConnect is a common corporate solution. However, it doesn’t allow public downloads of the client, nor does it have an auto-update feature to keep it up to date.
The OpenConnect client is an open source replacement for the Cisco AnyConnect client. Yum, APT, brew and Chocolatey all have OpenConnect packages. There are even a few Docker images on Docker Hub for OpenConnect.
After trying a few public Docker images, I was disappointed in the Dockerness of the working ones, so I decided to create my own: jeffcook/openconnect.
The main issue with creating a Docker container for a VPN with a tunnel interface is the privilege required to make it work. It requires both privileged access for the container and root access for the user. So the first round is not super secure, which is fine for my current use.
I am working on utilizing ocproxy as a way to avoid these security issues. It is a SOCKS5 proxy that would be used instead of the tunnel interface for OpenConnect. This would work with many tools, including web browsers, SSH and anything else that supports a SOCKS proxy, which covers most tools used over a VPN. For anything that doesn’t support a SOCKS proxy, there is always the option to create the tunnel interface.
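
An added example, not code from the original post or from the jeffcook/openconnect image: a Python check over `docker inspect` output that flags the two settings named above, a privileged container and a root user. As assumptions beyond the post, it also flags the narrower `NET_ADMIN` plus `/dev/net/tun` grant and a proxy port published on a non-loopback address; the container names and JSON are constructed samples.

```python
import json

# Constructed `docker inspect` excerpts (sample data, not from a real host).
TUN_MODE = json.loads("""[{"Name": "/vpn-tun", "Config": {"User": ""},
  "HostConfig": {"Privileged": true, "CapAdd": null, "Devices": [],
                 "PortBindings": {}}}]""")
PROXY_MODE = json.loads("""[{"Name": "/vpn-socks", "Config": {"User": "1000:1000"},
  "HostConfig": {"Privileged": false, "CapAdd": null, "Devices": [],
                 "PortBindings": {"1080/tcp": [{"HostIp": "127.0.0.1",
                                                "HostPort": "1080"}]}}}]""")

LOOPBACK = {"127.0.0.1", "::1"}


def audit(inspect_doc):
    """Return sorted (container, finding) pairs for a parsed `docker inspect` list."""
    findings = []
    for c in inspect_doc:
        name = c.get("Name", "?").lstrip("/")
        cfg = c.get("Config") or {}
        host = c.get("HostConfig") or {}
        # --privileged grants every capability and all host devices.
        if host.get("Privileged"):
            findings.append((name, "privileged"))
        # An empty User means the process runs as UID 0 inside the container.
        uid = (cfg.get("User") or "").split(":")[0]
        if uid in ("", "0", "root"):
            findings.append((name, "runs-as-root"))
        # Narrower grants that still allow creating a tunnel interface.
        if any(cap.upper().endswith("NET_ADMIN") for cap in host.get("CapAdd") or []):
            findings.append((name, "cap-net-admin"))
        if any(d.get("PathOnHost") == "/dev/net/tun" for d in host.get("Devices") or []):
            findings.append((name, "tun-device"))
        # A published port with an empty or 0.0.0.0 HostIp is reachable from the
        # network, which would expose the proxy to other hosts.
        for port, binds in (host.get("PortBindings") or {}).items():
            for b in binds or []:
                if b.get("HostIp", "") not in LOOPBACK:
                    findings.append((name, "port-exposed:" + port))
    return sorted(findings)


if __name__ == "__main__":
    for doc in (TUN_MODE, PROXY_MODE):
        print(audit(doc) or "no findings")
```

On a real host, feed it the parsed output of `docker inspect <container>`.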