Cannot get docker-machine to work with virtualbox when using Cisco VPN AnyConnect

3

19

When I use Cisco VPN AnyConnect to join my corporate network, I cannot get docker-machine to connect to my VirtualBox VM. It has something to do with Cisco AnyConnect taking over all 192.168.. routes. I also tried using a totally different CIDR range (25.0.1.100/24) but still cannot get docker-machine to talk to the VM. When I check the routes table, the route gets added to utun0 instead of vboxnet0. I'm assuming utun0 is the VPN's host network interface. Here is the docker-machine output:

```
docker-machine create -d virtualbox dev
Running pre-create checks...
Creating machine...
Waiting for machine to be running, this may take a few minutes...
Machine is running, waiting for SSH to be available...
Detecting operating system of created instance...
Provisioning created instance...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
WARNING >>> 
This machine has been allocated an IP address, but Docker Machine could not
reach it successfully.

SSH for the machine should still work, but connecting to exposed ports, such as
the Docker daemon port (usually <ip>:2376), may not work properly.

You may need to add the route manually, or use another related workaround.

This could be due to a VPN, proxy, or host file configuration issue.

You also might want to clear any VirtualBox host only interfaces you are not using.
To see how to connect Docker to this machine, run: docker-machine env dev
```
Witham answered 30/11, 2015 at 6:34 Comment(1)
When I disconnect from the VPN, it works and routes are added to vboxnet0 (there is no utun0 network interface). – Witham
17

I had a similar problem with IP conflicts on 192.168.x.x. I solved it by changing the subnet of the VirtualBox host-only network.

1) run docker-machine rm dev

2) Go into the VirtualBox preferences and remove the host-only network

3) run docker-machine create --driver virtualbox --virtualbox-hostonly-cidr "25.0.1.100/24" dev

There is also a discussion on GitHub here: https://github.com/docker/kitematic/issues/1029#issuecomment-156219462

Intumescence answered 1/12, 2015 at 17:32 Comment(4)
This worked! I also had to run docker-machine env to set the correct environment vars. – Bargello
I'm using VirtualBox 6.1.22, but still get the same error as the original poster, after multiple reboots, removal of host adapters, etc, on a fresh install of docker-machine, 0.16.0, build 702c267f. I have started a bounty to hopefully get any updates required. Thanks! – Aun
@BradParks what is your OS, route table (with and without VPN) and IP of docker machine (docker-machine env)? The problem is usually there because the VPN admin doesn't allow VPN split tunneling. But if you are admin on the machine used, then you may create your own "split tunneling" - it will need a low-level network configuration customised for the specific use case (OS, routes, network CIDRs, ...). – Look
Thanks for the feedback - I'm on Mac Big Sur, and I can't really play with the configuration/setup of AnyConnect, as I'm on the VPN for work, and can't change that to split tunneling, or anything that would break the VPN configuration as is. If you have suggestions on an answer that would work with those constraints, please post it and I will give it a shot! – Aun
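
A check for the symptom described in the question (the host-only route landing on utun0 instead of vboxnet0), usable before and after changing the host-only CIDR. This is an added example, not code from the thread: the function names are hypothetical, both route tables are constructed, and the 192.168.99 destination assumes docker-machine's default host-only network.

```shell
#!/bin/sh
# Added example (not from the thread). Both sample tables are constructed.
# Live use on the Mac host:
#   netstat -rn -f inet | check_hostonly_route 192.168.99 vboxnet0

# Print the Netif of every row whose Destination is exactly $1.
# The Netif column is found from the header row, so tables with and
# without the Refs/Use columns both parse.
route_netif() {
  awk -v dest="$1" '
    $1 == "Destination" { for (i = 1; i <= NF; i++) if ($i == "Netif") col = i; next }
    col && ($1 "") == (dest "") { print $col }   # "" forces a string compare
  '
}

# Exit 0: the route uses the expected interface. 1: another interface owns
# it (for example the VPN tunnel). 2: the table has no such route.
check_hostonly_route() {   # args: DEST EXPECTED_IF, route table on stdin
  got=$(route_netif "$1" | sort -u | tr '\n' ' ')
  got=${got% }
  if [ -z "$got" ]; then echo "no route for $1"; return 2; fi
  if [ "$got" = "$2" ]; then echo "ok: $1 via $got"; return 0; fi
  echo "conflict: $1 via $got, expected $2"; return 1
}

# Constructed sample: VPN disconnected, short column layout.
SAMPLE_NO_VPN='Destination        Gateway            Flags        Netif Expire
default            192.168.1.1        UGSc           en0
192.168.99         link#12            UC        vboxnet0      !
192.168.99.100     8:0:27:aa:bb:cc    UHLWIi    vboxnet0   1187'

# Constructed sample: VPN connected, layout with Refs/Use columns.
SAMPLE_VPN='Destination        Gateway            Flags        Refs      Use   Netif Expire
default            link#14            UCS             0        0   utun0
192.168.99         link#14            UCS             0        0   utun0'

printf '%s\n' "$SAMPLE_NO_VPN" | check_hostonly_route 192.168.99 vboxnet0 || true
printf '%s\n' "$SAMPLE_VPN"    | check_hostonly_route 192.168.99 vboxnet0 || true
```

Pass the destination exactly as the route table prints it for the host-only network in use.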
4

I have the same issue and this post on docker at github.com solves it.

```
sudo ifconfig vboxnet0 down && sudo ifconfig vboxnet0 up
```

You also may want to use port 2377 as discussed here.

Melo answered 3/7, 2017 at 13:18 Comment(0)
1

If you have the option to run Cisco VPN in Split Tunnel (instead of Full Tunnel) mode, that seems to work well, while still allowing you to access your corporate network.

Unlatch answered 13/1, 2016 at 21:34 Comment(0)