I dockerized the AnyConnect VPN client


Hi everyone!

I recently had some trouble with a corporate VPN. It was forcing me to use their DNS servers and route all my traffic over their network, despite being my own personal privately-owned device. Obviously that's ridiculous given the refusal to provide me with a corporate device.

So I made this.


This is a docker container which contains the Openconnect VPN client, an open-source AnyConnect compatible client.

The reason for using a docker container, is that the container gets its own network namespace, so the routing table of the container is isolated from that of the host. Then, the container has a dNAT. That way, you can add any routes you desire to the corporate subnets via the container, at your own discretion.

On top of that, it'll detect your DNS server, and set up dnsmasq. All traffic will be forwarded to the server set in your host resolv.conf, except for the domains that you configure in the container, which will then be forwarded to the corporate DNS servers. This eliminates the possibility of any DNS leaks.

Any feedback is also greatly appreciated.

EDIT: as pointed out by u/Reverent, this could very well be in breach of your corporate policy. Please do take care before using any such "workarounds". I am not liable for any damages that could be caused.

EDIT 2: Many thanks to u/scraf23 for the award! 🙂

EDIT 3: Thanks for the gold! I am quite surprised by how much attention this got. Good to see someone may get some use out of this!

submitted by /u/aw1cks
[link] [comments]