I have been working on building my normal tool set as Docker containers. This would allow me to replace my workstation as needed, and be able to share my tools with my team.
While I was working on this, one of the first things I needed to sort out was how I VPN into private environments. Cisco AnyConnect is a common corporate solution. It doesn’t allow public downloads of the client, nor does it have an auto-update feature to keep it up to date.
The OpenConnect client is an open source replacement for the Cisco AnyConnect client. Yum, APT, Homebrew and Chocolatey all have OpenConnect packages, and there are OpenConnect images on Docker Hub.
After trying the public Docker images I was disappointed in the Dockerness of the working ones, so I decided to create my own: jeffcook/openconnect
The main issue with creating a Docker container for a VPN with a tunnel interface is the privilege required to make it work. OpenConnect has to create and configure a tun device, which needs CAP_NET_ADMIN and access to /dev/net/tun inside the container, and the process itself has to run as root. The quick way to get there is to run the container with --privileged, which hands it every capability and every host device, far more than the tun device needs. So the first round is not super secure, which is fine for my current use.
I am working on utilizing ocproxy as a way to avoid these security issues.
ocproxy is a user-space SOCKS5 proxy for OpenConnect. OpenConnect hands it the tunnel through the --script-tun option, so no tun interface is created in the kernel and the container needs neither extra capabilities nor root.
This works with most tools, including web browsers, SSH and anything else that supports a SOCKS proxy, which covers most of what gets used over a VPN.
For anything that doesn’t support a SOCKS proxy there is always the option to create the tunnel interface.
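As an added example (not code from the original post or from the jeffcook/openconnect image), here is a small POSIX shell script that shows the three ways to run OpenConnect in a container side by side: the --privileged shortcut, a tun interface with only CAP_NET_ADMIN and /dev/net/tun, and the ocproxy mode with no capabilities at all. It also includes a guardrail function that refuses --privileged or capabilities beyond NET_ADMIN, and curl/ssh helpers for using the SOCKS5 port. Everything named is an assumption: the image tag openconnect:local, the gateway vpn.example.com, the container name vpn, the port 11080, the package list in the Dockerfile, and OpenBSD netcat on the host for the ssh ProxyCommand.

```shell
#!/bin/sh
# Added example for this post, not the jeffcook/openconnect image itself.
# Placeholders (override via the environment): image tag, VPN gateway, SOCKS port.
set -u
IMAGE="${IMAGE:-openconnect:local}"
GATEWAY="${GATEWAY:-vpn.example.com}"
SOCKS_PORT="${SOCKS_PORT:-11080}"

# Dockerfile for one image that serves both modes. The package set is an
# assumption; ocproxy is built from source because distros rarely package it
# (it depends on libevent). Written to the path given as $1.
write_dockerfile() {
  cat > "$1" <<'EOF'
FROM alpine:3.19
RUN apk add --no-cache openconnect libevent git build-base autoconf automake libevent-dev \
 && git clone --depth 1 https://github.com/cernekee/ocproxy /tmp/ocproxy \
 && cd /tmp/ocproxy && ./autogen.sh && ./configure && make \
 && install -m 0755 ocproxy /usr/local/bin/ocproxy \
 && apk del git build-base autoconf automake libevent-dev && rm -rf /tmp/ocproxy
ENTRYPOINT ["openconnect"]
EOF
}

# Mode 1: what many public images do. --privileged grants every capability and
# every host device, so a compromised VPN client effectively owns the host.
privileged_args() { echo "--privileged"; }

# Mode 2: kernel tun interface with least privilege. openconnect only needs
# CAP_NET_ADMIN (create/configure the tun device and routes) plus the device
# node. The tunnel lives in this container's network namespace, so other tool
# containers use it with: docker run --network container:vpn <tool-image>
tun_args() { echo "--cap-drop=ALL --cap-add=NET_ADMIN --device=/dev/net/tun"; }

# Mode 3: ocproxy. --script-tun hands the tunnel to a user-space program instead
# of the kernel, so the container needs no capabilities and no root; the only
# thing exposed is a SOCKS5 port published on the host loopback.
ocproxy_args() { echo "--cap-drop=ALL --user=65534:65534 -p 127.0.0.1:${SOCKS_PORT}:${SOCKS_PORT}"; }

# Print (do not execute) the docker run line for a mode. In ocproxy mode, -g
# lets ocproxy accept connections arriving from Docker's bridge rather than
# only from the container's own loopback.
run_cmd() {
  mode="$1"
  case "$mode" in
    privileged) echo "docker run --rm -it --name vpn $(privileged_args) $IMAGE $GATEWAY" ;;
    tun)        echo "docker run --rm -it --name vpn $(tun_args) $IMAGE $GATEWAY" ;;
    ocproxy)    echo "docker run --rm -it --name vpn $(ocproxy_args) $IMAGE --script-tun --script \"ocproxy -g -D $SOCKS_PORT\" $GATEWAY" ;;
    *)          echo "unknown mode: $mode" >&2; return 2 ;;
  esac
}

# Guardrail for a wrapper script: returns 0 only if the argument string has no
# --privileged and no --cap-add other than NET_ADMIN.
audit_args() {
  case "$1" in *--privileged*) return 1 ;; esac
  rest=$(printf '%s\n' "$1" | sed 's/--cap-add=NET_ADMIN//g')
  case "$rest" in *--cap-add*) return 1 ;; esac
  return 0
}

# Using the SOCKS5 port from the host. socks5h:// sends the hostname to the
# proxy so DNS is resolved inside the VPN, not on the host.
curl_via_vpn() { curl --proxy "socks5h://127.0.0.1:${SOCKS_PORT}" "$@"; }
# ssh through the proxy; assumes OpenBSD netcat (nc -X 5) on the host.
ssh_via_vpn() { ssh -o ProxyCommand="nc -X 5 -x 127.0.0.1:${SOCKS_PORT} %h %p" "$@"; }

# Usage, e.g.:  sh vpn.sh run_cmd ocproxy    or    sh vpn.sh write_dockerfile ./Dockerfile
if [ $# -gt 0 ]; then "$@"; fi
```

The tun mode still runs OpenConnect as root inside the container (it has to, to configure the interface), which is why ocproxy mode can additionally drop to an unprivileged user. Anything that will not speak SOCKS can be attached to the tun container's namespace with --network container:vpn instead.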