Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5990
Views
11
Helpful
6
Replies

AnyConnect disconnect then reconnect when starting a new docker container

00uv35592KJPaMPEN5d6
Level 1
Level 1

‎06-08-2021 07:49 AM

I connect to my company VPN with AnyConnect (using this rather than openconnect to allow single sign on to work).

When I run a docker container that's not using network driver "host", my VPN disconnects then reconnects. My VPN connection is still functional on the host and any containers running with network driver "host" can still access VPN resources.

So everything works. What is like to know is what exactly is causing this behaviour and when I know that, is there anything I can do to prevent it.

docker create network -d bridge my_network doesn't cause the disconnect. It's only when I use the network (and ip link show shows it's created a virtual Ethernet interface using my bridge as master) that the disconnect and reconnect happens.

Upsers

I have docker and Cisco AnyConnect on an Ubuntu based distribution (though have seen this same behaviour on OpenSuse and Fedora)

Update

I have realised today that when building a container, it also disconnects and reconnects the Linux Cisco AnyConnect client.

8 people had this problem
0 Helpful
6 Replies 6

zenki
Level 1
Level 1

‎08-03-2021 03:00 PM

I have this problem, too. Found any solution for this?

0 Helpful

seglo
Level 1
Level 1

‎12-21-2021 06:41 AM

I have the same problem. It's really frustrating because I have no alternative VPN software to use on Linux because my organization uses Okta to complete authentication which has tentative support in openconnect, so that's not an option. I run AnyConnect 4.9.06037 on Ubuntu 20.04.2 LTS.  My symptoms are:

 

  • If I have any container with host networking is running when I attempt to connect then my /etc/resolv.conf gets clobbered by AnyConnect. Redundant nameservers and search parameters are added which essentially break name resolution. I can't correct the /etc/resolv.conf after connect.
  • Any time I start a container with host networking after connected with AnyConnect it will cause a reconnect, although the reconnect doesn't break my /etc/resolv.conf in this scenario.
0 Helpful

RandallMarvin
Level 1
Level 1

‎02-20-2022 09:48 PM - edited ‎02-21-2022 07:36 PM

Pleased to see your issue as I think I have the same problem, I am also confused and in need of light on this same issue.

 

LiveTheOrangeLife

 

 

 

0 Helpful

seglo
Level 1
Level 1
In response to RandallMarvin

‎02-21-2022 07:39 PM

I'm afraid I don't have a solution. I just deal with the reconnects which
isn't too disruptive for me.
0 Helpful

brian.derocher
Level 1
Level 1

‎03-24-2022 08:37 AM - edited ‎03-24-2022 08:38 AM

I'm seeing this in the acvpnagent log

 

Mar 24 11:27:13 breg acvpnagent[1073]: A new network interface has been detected.
Mar 24 11:27:13 breg acvpnagent[1073]: IP addresses from active interfaces: br-a708d64e944d: 10.120.4.1, FE80:0:0:0:42:A3FF:FE62:3B3A cscotun0: 192.168.10.173, FE80:0:0:0:9278:6299:C7E0:2EE9, FE80:0:0:0:FCE3:2ED6:AFFA:33E6 veth42944f2: FE80:0:0:0:DC1D:27FF:FE31:3172 veth6fd49bf: FE80:0:0:0:C898:92FF:FEE3:55B0 vethc4b8f2a: FE80:0:0:0:CC09:80FF:FE50:1ECA vethc6d1817: FE80:0:0:0:C05A:54FF:FE3C:343E wlo1: 172.24.28.9, FE80:0:0:0:F959:9CAB:6553:693  
Mar 24 11:27:13 breg acvpnagent[1073]: Reconfigure reason code 15: New network interface.

So it seems like any new interface change (e.g. docker) will cause a "reconfigure".

0 Helpful

MartinKiska4134
Level 1
Level 1

‎10-04-2022 08:59 AM

Ask your account team to push it further. Currently it exists as Enhancement request. - https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc70093

Customers Also Viewed These Support Documents