/docker-anyconnect-vpn

:closed_lock_with_key: AnyConnect client in a Docker container


OpenConnect Docker image: a client for Cisco's AnyConnect SSL VPN

The image is built on Alpine Linux and installs the latest OpenConnect together with oath-toolkit (TOTP support) and socat.

How to use

  1. Build the Docker image:

    # `--force` is not a docker-compose build option; use --no-cache to force a rebuild from scratch
    docker-compose build --no-cache
  2. Add .env file to set up VPN connection params:

    VPN_URL=<VPN gateway URL>
    VPN_USER=<Username>
    VPN_PASSWORD=<Password>
    # Keep all options on one line: .env files do not support backslash line continuation.
    VPN_OPTIONS=--protocol=<Protocol> --authgroup=<VPN group> --servercert=pin-sha256:<base64 SHA-256 pin of the VPN server's public key>
    # To generate the pin-sha256 fingerprint you can use openssl. OpenConnect pins the server's
    # public key (SubjectPublicKeyInfo), not the whole certificate, so extract the key first:
    # openssl s_client -servername <VPN host> -connect <VPN host>:443 </dev/null 2>/dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
    # openconnect prints the same pin when it rejects an unknown certificate; confirm it with the VPN administrator before pinning it.
    #
    # When using multi-factor authentication with TOTP, append these options to VPN_OPTIONS:
    # --timestamp --token-mode=totp --token-secret=<TOTP secret>
    # To expose VPN service ports outside the Docker container, add a pair of environment variables for each VPN service:
    HOST_PORT_1=<Host port for service 1>
    VPN_SERVICE_HOST_PORT_1=<VPN service 1 endpoint ip:port>
    # ...
    # HOST_PORT_N=<Host port for service N>
    # VPN_SERVICE_HOST_PORT_N=<VPN service N endpoint ip:port>

    Don't use quotes around the values!

    See the openconnect documentation for available options.

    Either set the password in the .env file or leave the variable VPN_PASSWORD unset, so you get prompted when starting up the container.

    To expose more than one VPN service outside the Docker container, you need to add an additional ports mapping section and a PORT_MAP_APP environment variable for each service in the docker-compose.yml file.

  3. Start the Docker containers:

    # --env-file is a global option and must precede the subcommand; --abort-on-container-exit
    # is incompatible with -d, and the VPN_PASSWORD prompt needs an attached terminal anyway
    docker-compose --env-file .env up --abort-on-container-exit
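The checks below are an added example, not a script from the docker-anyconnect-vpn project. It validates a `.env` file written for steps 2 and 3 (no quoted values, the required variables present, a `pin-sha256` server pin in `VPN_OPTIONS`, and a complete `HOST_PORT_N`/`VPN_SERVICE_HOST_PORT_N` pair for every exposed service) and derives the socat relays those pairs imply. The two sample `.env` files are constructed with placeholder values, and the socat command line is an assumption about how the image forwards ports; the project's own entrypoint may differ.

```shell
#!/bin/sh
# Added example, not part of the docker-anyconnect-vpn project: sanity-check a
# .env file written for this image and derive the socat forwards it implies.
# The socat invocation is an assumption about how the image exposes ports;
# the project's entrypoint may differ.

# Write two constructed .env files (placeholder values, no real secrets) into DIR ($1).
write_samples() {
  cat > "$1/good.env" <<'EOF'
VPN_URL=vpn.example.test
VPN_USER=alice
VPN_OPTIONS=--protocol=anyconnect --authgroup=staff --servercert=pin-sha256:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
HOST_PORT_1=8443
VPN_SERVICE_HOST_PORT_1=10.0.0.5:443
HOST_PORT_2=3389
VPN_SERVICE_HOST_PORT_2=10.0.0.9:3389
EOF
  cat > "$1/bad.env" <<'EOF'
VPN_URL="vpn.example.test"
VPN_USER=alice
VPN_OPTIONS=--protocol=anyconnect --authgroup=staff
HOST_PORT_1=8443
EOF
}

# Return 0 when FILE ($1) passes every check, 1 otherwise; each finding is printed.
check_env_file() {
  file=$1; rc=0
  # Compose keeps the quotes as part of the value, so a quoted gateway URL never resolves.
  if grep -Eq '^[A-Z0-9_]+=["'"'"']' "$file"; then
    echo "quoted value found: remove the quotes"; rc=1
  fi
  # VPN_PASSWORD may be left out (the container prompts for it); these may not.
  for v in VPN_URL VPN_USER VPN_OPTIONS; do
    if ! grep -Eq "^$v=." "$file"; then
      echo "missing $v"; rc=1
    fi
  done
  # Require an explicit server pin so the gateway's key is checked, not only its CA chain.
  if ! grep -Eq '^VPN_OPTIONS=.*--servercert=pin-sha256:[A-Za-z0-9+/]{43}=' "$file"; then
    echo "VPN_OPTIONS has no --servercert=pin-sha256:<base64> pin"; rc=1
  fi
  # Every HOST_PORT_N needs a VPN_SERVICE_HOST_PORT_N of the form ip:port.
  for n in $(sed -n 's/^HOST_PORT_\([0-9][0-9]*\)=.*/\1/p' "$file"); do
    if ! grep -Eq "^VPN_SERVICE_HOST_PORT_$n=[0-9.]+:[0-9]+$" "$file"; then
      echo "HOST_PORT_$n has no matching VPN_SERVICE_HOST_PORT_$n (ip:port)"; rc=1
    fi
  done
  return $rc
}

# Print one socat relay per service pair: listen on the host port and forward
# to the VPN-side endpoint (assumed invocation, see the header comment).
socat_commands() {
  file=$1
  sed -n 's/^HOST_PORT_\([0-9][0-9]*\)=\(.*\)/\1 \2/p' "$file" | while read -r n hport; do
    target=$(sed -n "s/^VPN_SERVICE_HOST_PORT_$n=//p" "$file")
    [ -n "$target" ] || continue
    echo "socat TCP-LISTEN:$hport,fork,reuseaddr TCP:$target"
  done
}

# Demo run on the constructed files.
DEMO=$(mktemp -d)
write_samples "$DEMO"
check_env_file "$DEMO/good.env" && echo "good.env: OK"
check_env_file "$DEMO/bad.env" || echo "bad.env: rejected"
socat_commands "$DEMO/good.env"
rm -rf "$DEMO"
```

Run it before `docker-compose up`: a non-zero exit from `check_env_file` means the container would either fail to connect (quoted or missing values, an unpinned gateway) or start without one of the port forwards you expected.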

Contribute

Pull requests are very welcome!