Skip to content

danjpgriffin/anyconnect

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

About

This project enables a linux host to run Cisco Anyconnect and Traps/Cortex in a docker container. The wrapper script then routes selected network ranges to the VPN. Currently all DNS traffic is sent through the VPN

To configure

All configuration is performed in the config/ directory

  • Obtain the AnyConnect linux installer program. Place in the file 'packages/anyconnect.tar.gz'
  • Obtain the "Traps/Cortex" debian linux installer. Place in the file 'packages/cortex.deb' directory.
  • Create a config/resolv.template file containing the IP address of the container as nameserver and optionally the search domains you want to use. The container will forward DNS queries to the nameservers provided by the VPN connection or in interactive mode when no connection is established yet to 8.8.8.8 (Google):
nameserver 10.200.64.2
search mycompany.com
  • Alternatively, if your system uses systemd-resolved for providing name resolution to local applications (check with systemctl is-active systemd-resolved.service) create a config/systemd-resolved.template file with the following format:
[Resolve]
DNS=10.200.64.2
Domains=mycompany.com ~.
  • Specify the routes you wish to forward through the VPN in the file config/routes. Only these routes will be routed via the VPN. For example:
routes=(10.0.0.0/8)

Additional routes are space separated (it is a normal bash array)

  • Optionally add a response file called config/response.txt. If present, the commands in this file will be read to work non-interactively. You will also be prompted separately to enter your password, which is then available as $VPN_PASSWORD in the response file. For example:
connect vpn.mycompany.com
1
vpn-username
$VPN_PASSWORD
y

If you use multi-factor authentication, additional lines in the response file might be required. If the response file contains $VPN_TOTP, you will be prompted for a "time-based one-time password" (e.g. from Google Authenticator). Example:

connect vpn.mycompany.com
5
vpn-username
$VPN_PASSWORD
$VPN_TOTP
y
  • Further, it is also possible to provide an existing AnyConnect profile as config/AnyConnectProfile.xml. In that case, adjust your config/response.txt file accordingly.

To run

  1. run sudo ./start-vpn
  2. type "connect 'your vpn endpoint'"
  3. continue with rest of login script

This project is for informational use only. Do not use to bypass your company procedures or security policies. Use at your own risk. I can offer no support for this project

About

Connect to anyconnect using a docker container

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •