4.4 KiB
openconnect + tinyproxy + microsocks
This Docker image contains an openconnect client (version 8.04 with pulse/juniper support) and the tinyproxy proxy server for http/s connections (default on port 8888) and the microsocks proxy for socks5 connections (default on port 8889) in a very small alpine linux image (around 60 MB).
You can find the image on docker hub: https://hub.docker.com/r/wazum/openconnect-proxy
Requirements
If you don't want to set the environment variables on the command line
set the environment variables in a .env
file:
OPENCONNECT_URL=<Gateway URL>
OPENCONNECT_USER=<Username>
OPENCONNECT_PASSWORD=<Password>
OPENCONNECT_OPTIONS=--authgroup <VPN Group> \
--servercert <VPN Server Certificate> --protocol=<Protocol> \
--reconnect-timeout 86400
(don't use quotes around the values!)
Either set the password in the .env
file or leave the variable OPENCONNECT_PASSWORD
unset, so you get prompted when starting up the container.
Optionally set a multi factor authentication code:
OPENCONNECT_MFA_CODE=<Multi factor authentication code>
You can also change the ports the proxies are listening on (these are the default values):
HTTPS_PROXY_PORT=8888
SOCKS5_PROXY_PORT=8889
Run container in foreground
To start the container in foreground run:
docker run -it --rm --privileged --env-file=.env --net host wazum/openconnect-proxy
Either use --net host
or -p 8888:8888 -p 8889:8889
to make the proxy ports available on the host.
Without using a .env
file set the environment variables on the command line with the docker run option -e
:
docker run … -e OPENCONNECT_URL=vpn.gateway.com/example \
-e OPENCONNECT_OPTIONS='<Openconnect Options>' \
-e OPENCONNECT_USER=<Username> …
Run container in background
To start the container in daemon mode (background) set the -d
option:
docker run -d -it --rm …
In daemon mode you can view the stderr log with docker logs
:
docker logs `docker ps|grep "wazum/openconnect-proxy"|awk -F' ' '{print $1}'`
Use container with docker-compose
vpn:
container_name: openconnect_vpn
image: wazum/openconnect-proxy:latest
privileged: true
env_file:
- .env
ports:
- 8888:8888
- 8889:8889
networks:
- mynetwork
Set the environment variables for openconnect in the .env
file again (or specify another file) and
map the configured ports in the container to your local ports if you want to access the VPN
on the host too when running your containers. Otherwise only the docker containers in the same
network have access to the proxy ports.
Configure proxy
The container is connected via openconnect and now you can configure your browser and other software to use one of the proxies (8888 for http/s or 8889 for socks).
For example FoxyProxy (available for Firefox, Chrome) is a suitable browser extension.
You may also set environment variables:
export http_proxy="http://127.0.0.1:8888/"
export https_proxy="http://127.0.0.1:8888/"
composer, git (if you don't use the git+ssh protocol, see below) and others use these.
ssh through the proxy
You need nc (netcat), corkscrew or something similar to make this work.
Unfortunately some git clients (e.g. Gitkraken) don't use the settings from ssh config and you can't pull/push from a repository that's reachable (DNS resolution) only through VPN.
nc (netcat, ncat)
Set a ProxyCommand
in your ~/.ssh/config
file like
Host <hostname>
ProxyCommand nc -x 127.0.0.1:8889 %h %p
or (depending on your ncat version)
Host <hostname>
ProxyCommand ncat --proxy 127.0.0.1:8889 --proxy-type socks5 %h %p
and your connection will be passed through the proxy. The above example is for using git with ssh keys.
corkscrew
An alternative is corkscrew (e.g. install with brew install corkscrew
on mac OS)
Host <hostname>
ProxyCommand corkscrew 127.0.0.1 8888 %h %p
Build
You can build the container yourself with
docker build -f build/Dockerfile -t wazum/openconnect-proxy:custom ./build
Support
You like using my work? Get something for me (surprise! surprise!) from my wishlist on Amazon or help me pay the next pizza or Pho soup (mjam). Thanks a lot!