OpenConnect VPN Server
OpenConnect VPN server is an SSL VPN server that is secure, small, fast and configurable. It implements the OpenConnect SSL VPN protocol and has also (currently experimental) compatibility with clients using the AnyConnect SSL VPN protocol. The OpenConnect protocol provides a dual TCP/UDP VPN channel and uses the standard IETF security protocols to secure it. The OpenConnect client is multi-platform and available here. Alternatively, you can try connecting using the official Cisco AnyConnect client (Confirmed working on Android).
This container is an automated build linked to alpine. The dockerfile was written to always download and compile the latest release of OpenConnect VPN server when built.
- Base: Alpine Edge
- Latest OpenConnect Server 0.11.10
- Size: 57.1MB
- Modification of the listening port for more networking versatility
- Customizing the DNS servers used for queries over the VPN
- Supports tunneling all traffic over the VPN or tunneling only specific routes via split-include
- Config directory can be mounted to a host directory for persistence
- Create certs automatically using default or provided values, or drop your own certs in /config/certs
- Advanced manual configuration for power users
Run container from Docker registry
The container is available from the Docker registry and this is the simplest way to get it.
Without customizing cert variables
$ docker run --privileged -d \ -p 4443:4443 \ -p 4443:4443/udp \ markusmcnugen/openconnect
With customizing cert variables
$ docker run --privileged -d \ -p 4443:4443 \ -p 4443:4443/udp \ -e "CA_CN=VPN CA" \ -e "CA_ORG=OCSERV" \ -e "CA_DAYS=9999" \ -e "SRV_CN=vpn.example.com" \ -e "SRV_ORG=MyCompany" \ -e "SRV_DAYS=9999" \ markusmcnugen/openconnect
Intermediate Configuration (Providing own certs in /config/certs and running on port 443):
Cert files are stored in /config/certs. It will automatically generate certs if the following two files are not present in the cert directory:
$ docker run --privileged -d \ -v /your/config/path/:/config \ -e "LISTEN_PORT=443" \ -e "DNS_SERVERS=192.168.1.190" \ -e "TUNNEL_MODE=split-include" \ -e "TUNNEL_ROUTES=192.168.1.0/24" \ -e "SPLIT_DNS_DOMAINS=example.com" \ -p 443:443 \ -p 443:443/udp \ markusmcnugen/openconnect
This container allows for advanced configurations for power users who know what they are doing by mounting the /config volume to a host directory. Users can then drop in their own certs and modify the configuration. The POWER_USER environmental variable is required to stop the container from overwriting options set from container environment variables. Some advanced features include setting up site to site VPN links, User Groups, Proxy Protocol support and more.
||No||Listening port for VPN connections||
||No||Comma delimited name servers||
||No||Tunnel mode (all / split-include)||
||No||Comma delimited tunnel routes in CIDR notation||
||No||Comma delimited dns domains||
||No||Allows for advanced manual configuration via host mounted /config volume||
||No||OpenConnect config files||
||TCP||Yes||OpenConnect server TCP listening port||
||UDP||Yes||OpenConnect server UDP listening port||
How to use this OpenConnect Server Docker
Install and run the docker container with your chosen options. Port forward incoming traffic on your router, some outside port to the containers IP and the listening port on the inside. After port forwarding is established you will need to create VPN accounts for users to login with usernames and passwords.
Add User/Change Password
Add users by executing the following command on the host running the docker container
docker exec -ti openconnect ocpasswd -c /config/ocpasswd markusmcnugen Enter password: Re-enter password:
Delete users by executing the following command on the host running the docker container
docker exec -ti openconnect ocpasswd -c /config/ocpasswd -d markusmcnugen
Login and Logout Log Messages
After a user successfully logins to the VPN a message will be logged in the docker log.
Example of login message:
[info] User markusmcnugen Connected - Server: 192.168.1.165 VPN IP: 192.168.255.194 Remote IP: 22.214.171.124
Example of logoff message:
[info] User markusmcnugen Disconnected - Bytes In: 175856 Bytes Out: 4746819 Duration:63
If you are having issues with this container please submit an issue on GitHub. Please provide logs, docker version and other information that can simplify reproducing the issue. Using the latest stable verison of Docker is always recommended. Support for older version is on a best-effort basis.
Building the container yourself
To build this container, clone the repository and cd into it.
$ cd /repo/location/openconnect $ docker build -t openconnect .
$ docker run --privileged -d \ -p 4443:4443 \ -p 4443:4443/udp \ openconnect
This will start a container as described in the "Run container from Docker registry" section. View the other run configurations for more advanced setups.