Machine: Connection Issues on VPN (Cisco AnyConnect)

Created on 12 Nov 2015 · 16 Comments · Source: docker/machine

This issue stems from #1500

I'm using Docker 1.9.0 and VirtualBox 5.0.10 on Windows 7 (x64). Everything works fine in the office and at home without VPN, but after I connect to Cisco AnyConnect v4.1.0 everything stops working. If I restart the VM while connected to the VPN, I can successfully run docker-machine ssh default, but using the Docker client throws this connection error:

An error occurred trying to connect: Get http://localhost:2375/v1.21/images/json: dial tcp 127.0.0.1:2375: ConnectEx tcp: No connection could be made because the target machine actively refused it.

VBox Log without VPN: https://gist.github.com/sjwoodard/bf814d3616513c7896c6
VBox Log with VPN: https://gist.github.com/sjwoodard/7f5b3ec80f03e3e623f4

kind/bug

All 16 comments

This is also related to #2101

Here are the logs when I try to create a machine with the --debug flag:

With VPN connected: https://gist.github.com/sjwoodard/4cd8679c2f762b7d5ba3
Without VPN: https://gist.github.com/sjwoodard/c1bdff27a11bbc177d1f

Note that when the VM is created, AnyConnect kicks me off of the VPN because a new networking adapter is created. Then it auto-reconnects back to the VPN.

ping @nathanleclaire

Thanks for the report and logs @sjwoodard!

@nathanleclaire no problem. One last comment, the connection breaks when AnyConnect gets to the 'Activating VPN adapter' step. I ran the env command before and after making a VPN connection:

New VM never connected to VPN: https://gist.github.com/sjwoodard/f172db49e45fd91a2731
Same VM after VPN connection: https://gist.github.com/sjwoodard/598dfd891b15ba892fed

Experienced this problem today; I did use AnyConnect today on

  • Mac El Capitan
  • docker-machine 0.4.1
  • Cisco AnyConnect 3.1

A reboot "fixed" it.

Rebooting doesn't help me on Windows. If I'm already connected to the VPN, running docker-machine will disconnect the VPN and then I get the ConnectEx. If I run docker-machine first and then connect to the VPN I also get the ConnectEx.

I have what I believe to be the exact same issue with Junos Pulse. I can use docker/docker-machine fine at work and at home without the VPN. As soon as I connect to the VPN, it is completely unusable. Rebooting the VM makes no difference. Disconnecting from the VPN makes docker/docker-machine usable again. This issue has existed with various versions of docker-machine, but here are my current versions.

  • Mac OS 10.9.5
  • docker-machine 0.5.2
  • VirtualBox 5.0.10
  • Junos Pulse 5.1

This also seems related ( https://github.com/docker/machine/issues/2632 ).

#2632 is for Mac. This issue also happens on Windows.

I am experiencing this issue on Windows 10 Enterprise running Docker for Windows 1.12.1, Cisco AnyConnect 3.1.08009.

This should do all the machinery required for setting up docker-machine with local port forwarding: https://github.com/onejli/docker-vpn-helper. Plus, it explains very well where the problems are in using docker-machine with a VPN that intercepts all the traffic.

@sarusso thank you, that works perfectly indeed. I got a certificate error though and had to change the export for the host from localhost to 127.0.0.1 but then it worked.

Seems like that would be a great addition to the default docker stack!

I mean... I have the same issue and I'm on Linux.

@shyce Me too. Ubuntu 19.10 and now 20.04 have the same issue.

This is still an issue on macOS, but I see this is marked as closed.
