Connection Issues on VPN (Cisco AnyConnect)

[sjwoodard]

This issue stems from #1500

I'm using Docker 1.9.0 and Virtual Box 5.0.10 on Windows 7 (x64). Everything works fine in the office and at home without VPN, but after I connect to Cisco AnyConnect v 4.1.0 everything stops working. If I restart the VM while connected to the VPN, I can successfully run docker-machine ssh default, but using the Docker client throws this connection error:

An error occurred trying to connect: Get http://localhost:2375/v1.21/images/json: dial tcp 127.0.0.1:2375: ConnectEx tcp: No connection could be made because the target machine actively refused it.

VBox Log without VPN: https://gist.github.com/sjwoodard/bf814d3616513c7896c6
VBox Log with VPN: https://gist.github.com/sjwoodard/7f5b3ec80f03e3e623f4

[sjwoodard]

This is also related to #2101

[sjwoodard]

Here's the logs when I try to create a machine with the --debug flag

With VPN connected: https://gist.github.com/sjwoodard/4cd8679c2f762b7d5ba3
Without VPN: https://gist.github.com/sjwoodard/c1bdff27a11bbc177d1f

Note that when the VM is created, AnyConnect kicks me off of the VPN because a new networking adapter is created. Then it auto-reconnects back to the VPN.

[dmp42]

ping @nathanleclaire

[nathanleclaire]

Thanks for the report and logs @sjwoodard!

[sjwoodard]

@nathanleclaire no problem. One last comment, the connection breaks when AnyConnect gets to the 'Activating VPN adapter' step. I ran the env command before and after making a VPN connection:

New VM never connected to VPN: https://gist.github.com/sjwoodard/f172db49e45fd91a2731
Same VM after VPN connection: https://gist.github.com/sjwoodard/598dfd891b15ba892fed

[petervandenabeele]

Experienced this problem today; I did use the AnyConnect today on

• Mac El Capitan
• docker-machine 0.4.1
• Cisco AnyConnect 3.1

A reboot "fixed" it.

[sjwoodard]

Rebooting doesn't help me on Windows. If I'm already connected to the VPN, running docker-machine will disconnect the VPN and then I get the ConnectEx. If I run docker-machine first and then connect to the VPN I also get the ConnectEx.

[jakirkham]

I have what I believe to be the exact same issue with Junos Pulse. I can use docker/docker-machine fine at work and at home without the VPN. As soon as I connect to the VPN, it is completely unusable. Rebooting the VM makes no difference. Disconnecting from the VPN makes docker/docker-machine usable again. This issue has existed with various versions of docker-machine, but here are my current versions.

• Mac OS 10.9.5
• docker-machine 0.5.2
• VirtualBox 5.0.10
• Junos Pulse 5.1

[jakirkham]

This also seems related ( #2632 ).

[dgageot]

duplicate of #2632

[justechn]

#2632 is for MAC. This issue also happens on Windows.

I am experiencing this issue on Windows 10 Enterprise running Docker for Windows 1.12.1, Cisco AnyConnect 3.1.08009

[sarusso]

This should do all the machinery required for setting up docker-machine with local port forwarding: https://github.com/onejli/docker-vpn-helper. Plus explains very well where problems are in using docker-machine with a VPN that intercepts all the traffic.

[VGerris]

@sarusso thank you, that works perfectly indeed. I got a certificate error though and had to change the export for the host from localhost to 127.0.0.1 but then it worked.

Seems like that would be a great addition to the default docker stack!

[shyce]

I mean... I have the same issue and I'm on linux.

[lieutdan13]

@shyce Me too. Ubuntu 19.10 and now 20.04 have the same issue.

[Vikash082]

This is still an issue on MacOS, but see this is marked as closed.