# openconnect + tinyproxy + microsocks This Docker image contains an [openconnect client](http://www.infradead.org/openconnect/) (version 8.04 with pulse/juniper support) and the [tinyproxy proxy server](https://tinyproxy.github.io/) for http/s connections (default on port 8888) and the [microsocks proxy](https://github.com/rofl0r/microsocks) for socks5 connections (default on port 8889) in a very small [alpine linux](https://www.alpinelinux.org/) image (around 60 MB). You can find the image on docker hub: https://hub.docker.com/r/wazum/openconnect-proxy # Requirements If you don't want to set the environment variables on the command line set the environment variables in a `.env` file: OPENCONNECT_URL= OPENCONNECT_USER= OPENCONNECT_PASSWORD= OPENCONNECT_OPTIONS=--authgroup \ --servercert --protocol= \ --reconnect-timeout 86400 _(don't use quotes around the values!)_ Either set the password in the `.env` file or leave the variable `OPENCONNECT_PASSWORD` unset, so you get prompted when starting up the container. Optionally set a multi factor authentication code: OPENCONNECT_MFA_CODE= You can also change the ports the proxies are listening on (these are the default values): HTTPS_PROXY_PORT=8888 SOCKS5_PROXY_PORT=8889 # Run container in foreground To start the container in foreground run: docker run -it --rm --privileged --env-file=.env --net host wazum/openconnect-proxy Either use `--net host` or `-p 8888:8888 -p 8889:8889` to make the proxy ports available on the host. Without using a `.env` file set the environment variables on the command line with the docker run option `-e`: docker run … -e OPENCONNECT_URL=vpn.gateway.com/example \ -e OPENCONNECT_OPTIONS='' \ -e OPENCONNECT_USER= … # Run container in background To start the container in daemon mode (background) set the `-d` option: docker run -d -it --rm … In daemon mode you can view the stderr log with `docker logs`: docker logs `docker ps|grep "wazum/openconnect-proxy"|awk -F' ' '{print $1}'` # Use container with docker-compose ``` vpn: container_name: openconnect_vpn image: wazum/openconnect-proxy:latest privileged: true env_file: - .env ports: - 8888:8888 - 8889:8889 networks: - mynetwork ``` Set the environment variables for _openconnect_ in the `.env` file again (or specify another file) and map the configured ports in the container to your local ports if you want to access the VPN on the host too when running your containers. Otherwise only the docker containers in the same network have access to the proxy ports. # Configure proxy The container is connected via _openconnect_ and now you can configure your browser and other software to use one of the proxies (8888 for http/s or 8889 for socks). For example FoxyProxy (available for Firefox, Chrome) is a suitable browser extension. You may also set environment variables: export http_proxy="http://127.0.0.1:8888/" export https_proxy="http://127.0.0.1:8888/" composer, git (if you don't use the git+ssh protocol, see below) and others use these. # ssh through the proxy You need nc (netcat), corkscrew or something similar to make this work. Unfortunately some git clients (e.g. Gitkraken) don't use the settings from ssh config and you can't pull/push from a repository that's reachable (DNS resolution) only through VPN. ## nc (netcat, ncat) Set a `ProxyCommand` in your `~/.ssh/config` file like Host ProxyCommand nc -x 127.0.0.1:8889 %h %p or (depending on your ncat version) Host ProxyCommand ncat --proxy 127.0.0.1:8889 --proxy-type socks5 %h %p and your connection will be passed through the proxy. The above example is for using git with ssh keys. ## corkscrew An alternative is _corkscrew_ (e.g. install with `brew install corkscrew` on mac OS) Host ProxyCommand corkscrew 127.0.0.1 8888 %h %p # Build You can build the container yourself with docker build -f build/Dockerfile -t wazum/openconnect-proxy:custom ./build # Support You like using my work? Get something for me (surprise! surprise!) from my wishlist on [Amazon](https://smile.amazon.de/hz/wishlist/ls/307SIOOD654GF/) or [help me pay](https://www.paypal.me/wazum) the next pizza or Pho soup (mjam). Thanks a lot!