@trastle
Last active November 27, 2015 23:25
Add routes to use Boot2Docker and AnyConnect at the same time on OSX.

Using boot2docker and AnyConnect at the same time

Boot2Docker works great, and so does AnyConnect, but running the two together sends traffic intended for Boot2Docker down the VPN link, thus ruining everything.

Investigation

Take a look at what network your Docker VirtualBox VM is on:

tastle@TASTLE ~ $ env | grep DOCKER_HOST
DOCKER_HOST=tcp://192.168.59.103:2376

Start boot2docker and do not start AnyConnect. Take a look at your routing table:

tastle@TASTLE ~ $ netstat -nr

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.1        UGSc           30        1     en0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH             21     1110     lo0
169.254            link#4             UCS             0        0     en0
192.168.1          link#4             UCS             4        0     en0
192.168.1.1        d8:a2:5e:7a:7f:71  UHLWIir        29      206     en0   1173
192.168.1.12       b8:27:eb:85:73:2a  UHLWI           0        0     en0   1192
192.168.1.85       127.0.0.1          UHS             0        0     lo0
192.168.59         link#11            UC              1        0 vboxnet
192.168.59.103     8:0:27:58:ad:89    UHLWIi          1       40 vboxnet   1183

...

Now start AnyConnect and take a look:

tastle@TASTLE ~ $ netstat -nr

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            10.61.213.124      UGSc           10        0   utun1
default            192.168.1.1        UGScI           1        0     en0
10.61.213.124/32   utun1              UCS             1        0   utun1
10.61.213.124      utun1              UHWIir         11       32   utun1
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH             12     4022     lo0
144.254.221.42/32  192.168.1.1        UGSc            1        0     en0
169.254            link#14            UCS             0        0   utun1
192.168.1          link#14            UCS             0        0   utun1
192.168.1.1        d8:a2:5e:7a:7f:71  UHLSr           4       12     en0     46
192.168.1.85       127.0.0.1          UHS             0        0     lo0
192.168.59         link#14            UCS             0        0   utun1

...

You can see that the route for 192.168.59 now points at utun1, the VPN tunnel, instead of the VirtualBox interface. Traffic for 192.168.59.0/24 needs to be moved back to the vbox interface.

Claim the route back from AnyConnect

First find what interface it is:

tastle@TASTLE $ ifconfig | grep 192.168.59 -B 2
vboxnet1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	ether 0a:00:27:00:00:01 
	inet 192.168.59.3 netmask 0xffffff00 broadcast 192.168.59.255

Then change the interface for 192.168.59.0/24 to the required vbox interface:

sudo route -nv change -net 192.168.59 -interface vboxnet1
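The whole procedure above (find which interface currently holds the route, find the VirtualBox host-only interface that carries the Boot2Docker subnet, then change the route) as an added shell script. It is not part of the original gist: the function names, the `--apply` flag and the constructed sample excerpts are this example's own, and it assumes the `192.168.59` prefix and the `netstat -nr` / `ifconfig` output layout shown in the gist. The parsing functions run offline against the samples; the live `reclaim_route` step only runs when the script is called with `--apply`.

```shell
#!/bin/sh
# Added example (not part of the original gist): locate the Boot2Docker
# subnet in the routing table and on the VirtualBox host-only interface,
# then move the route back if AnyConnect has captured it.
# Assumes the OS X `netstat -nr`, `ifconfig` and `route` output/usage
# shown in the gist.

DOCKER_NET="192.168.59"   # Boot2Docker's host-only network prefix (from the gist)

# route_netif PREFIX: read `netstat -nr` output on stdin and print the Netif
# column of the route whose Destination is exactly PREFIX.
# Columns: Destination Gateway Flags Refs Use Netif Expire -> Netif is $6.
route_netif() {
    awk -v dst="$1" '$1 == dst { print $6; exit }'
}

# iface_for_subnet PREFIX: read `ifconfig` output on stdin and print the name
# of the interface that carries an inet address inside PREFIX.
iface_for_subnet() {
    awk -v prefix="$1" '
        /^[A-Za-z0-9]+:/ { split($1, a, ":"); iface = a[1] }
        $1 == "inet" && index($2, prefix ".") == 1 { print iface; exit }
    '
}

# route_is_captured CURRENT_NETIF EXPECTED_NETIF: succeeds (0) when a route
# exists but no longer points at the VirtualBox interface.
route_is_captured() {
    [ -n "$1" ] && [ "$1" != "$2" ]
}

# reclaim_route: live version of the gist's procedure. Only runs when the
# script is invoked with --apply, so sourcing it has no side effects.
reclaim_route() {
    current=$(netstat -nr | route_netif "$DOCKER_NET")
    vbox=$(ifconfig | iface_for_subnet "$DOCKER_NET")
    if [ -z "$vbox" ]; then
        echo "no interface carries ${DOCKER_NET}.x; is boot2docker running?" >&2
        return 1
    fi
    if [ -z "$current" ]; then
        # `route change` would fail here; the gist only covers a captured route.
        echo "no route to ${DOCKER_NET} found in netstat -nr" >&2
        return 1
    fi
    if route_is_captured "$current" "$vbox"; then
        echo "route to ${DOCKER_NET}/24 is on ${current}; moving it back to ${vbox}"
        sudo route -nv change -net "$DOCKER_NET" -interface "$vbox"
    else
        echo "route to ${DOCKER_NET}/24 already on ${vbox}; nothing to do"
    fi
}

# Constructed sample output (excerpts copied from the gist's post-VPN routing
# table and its ifconfig output) so the parsing can be exercised offline.
SAMPLE_NETSTAT='Destination        Gateway            Flags        Refs      Use   Netif Expire
default            10.61.213.124      UGSc           10        0   utun1
192.168.1          link#14            UCS             0        0   utun1
192.168.59         link#14            UCS             0        0   utun1'

SAMPLE_IFCONFIG='en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  inet 192.168.1.85 netmask 0xffffff00 broadcast 192.168.1.255
vboxnet1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
  ether 0a:00:27:00:00:01
  inet 192.168.59.3 netmask 0xffffff00 broadcast 192.168.59.255'

if [ "${1:-}" = "--apply" ]; then
    reclaim_route
fi
```

Run it with `--apply` after AnyConnect connects; `netstat -nr` afterwards should show the 192.168.59 destination on the vboxnet interface again. The script deliberately refuses to act when no route exists at all, because that is a different situation from the captured route the gist describes and `route change` would simply fail.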

Fix the firewall

You then need to download and run the boot2docker VPN fix script to remove any firewall rules blocking access:

https://raw.githubusercontent.com/frosenberg/docker-dns-scripts/master/vpn-fix.sh

tastle@TASTLE $ sudo ./vpn-fix.sh
Found blocking firewall rule: 00020    567    146799 deny ip from any to any
Deleting rule 00020 ... [OK]
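The check the fix script reports above, as an added shell example that is neither the gist's code nor the linked vpn-fix.sh. The output line (rule number, packet count, byte count, then `deny ip from any to any`) has the layout of `ipfw -a list`, so this example assumes the blocking rule is an ipfw rule; that assumption, the function names, the `--apply` flag and the constructed sample listing are all this example's own. `blocking_rules` reports deny rules that cover either all destinations or the Boot2Docker subnet specifically, which goes slightly beyond the gist's single blanket rule.

```shell
#!/bin/sh
# Added example, not from the gist or the linked vpn-fix.sh script.
# Assumption: the blocking rule in the gist's output is an ipfw rule listed
# with accounting (`ipfw -a list`): number, packets, bytes, then the rule body.

DOCKER_NET="192.168.59"   # Boot2Docker host-only network, as in the gist

# blocking_rules PREFIX: read `ipfw -a list` output on stdin and print the
# numbers of rules that deny all IP traffic to any destination, or to the
# PREFIX subnet specifically. Fields: $1 number, $2 pkts, $3 bytes,
# $4 action, $5 proto, $6 "from", $7 src, $8 "to", $9 dst.
blocking_rules() {
    awk -v prefix="$1" '
        $4 == "deny" && $5 == "ip" && $7 == "any" &&
        ($9 == "any" || index($9, prefix ".") == 1) { print $1 }
    '
}

# show_rule NUMBER: print the full listing line for one rule number.
show_rule() {
    awk -v n="$1" '$1 == n'
}

# remove_blocking_rules: live version, printing the same two lines the fix
# script prints. Each rule is shown before it is deleted so there is a record
# of what the VPN client installed. Only runs with --apply.
remove_blocking_rules() {
    listing=$(sudo ipfw -a list)
    rules=$(printf '%s\n' "$listing" | blocking_rules "$DOCKER_NET")
    if [ -z "$rules" ]; then
        echo "no blocking ipfw rules found"
        return 0
    fi
    for n in $rules; do
        echo "Found blocking firewall rule: $(printf '%s\n' "$listing" | show_rule "$n")"
        sudo ipfw delete "$n" && echo "Deleting rule $n ... [OK]"
    done
}

# Constructed sample listing: rule 00020 is the gist's own line, the others
# are made up to show what is and is not matched.
SAMPLE_IPFW='00010        0         0 allow ip from any to any via lo0
00020      567    146799 deny ip from any to any
00030       12      1200 deny ip from any to 192.168.59.0/24
00040        3       300 deny ip from any to 10.1.2.0/24
65535  1024000 512000000 allow ip from any to any'

if [ "${1:-}" = "--apply" ]; then
    remove_blocking_rules
fi
```

A `deny ip from any to any` entry is the VPN client's lockdown policy for everything outside the tunnel, so the record printed before each deletion matters: it tells you what protection was removed and lets you judge whether a rule scoped to the Boot2Docker subnet would have been enough.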

References and thanks


trastle commented Jan 5, 2015

TODO: Work out how to get this working again once we disconnect from AnyConnect.
