Last pushed: 2 months ago
Short Description
OpenConnect client (Alpine-sized) with patched support for 2FA Palo Alto VPN networks
Full Description

Built from to get the additional Palo Alto Networks (PAN) authentication mode.

The example below uses --read-only mode for a tiny bit of additional security. If you use read-only mode, you must also include the --tmpfs parameter.

docker run \
    --name openconnect \
    --init \
    --net host \
    --read-only \
    --tmpfs /var/run/vpnc:rw,size=1000k \
    --cap-add=NET_ADMIN \
    --device /dev/net/tun \
    --pids-limit 50 \
    --cpus="1" \
    --memory="512m" \
    -v /etc/resolv.conf:/etc/resolv.conf \
    --security-opt="no-new-privileges:true" \
    --interactive \
    --tty \
    robertbeal/openconnect:latest --protocol=gp <ip> --servercert sha256:<sha>

Small Issue

SIGTERM works (i.e. docker stop openconnect) but not in an elegant fashion. The vpnc-script doesn't revert the /etc/resolv.conf, so you may find your host's /etc/resolv.conf is left in a messy state. When I have time I need to find out why openconnect isn't shutting down cleanly.

SIGINT (i.e. ctrl+c), however, does fully work.
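
A host-side workaround for the SIGTERM case above, as an added example that is not part of this image or its repository: snapshot the resolver file before starting the container and put it back after `docker stop`. The function names, the `RESOLV_CONF` variable and the backup path are assumptions made for the example.

```shell
#!/bin/sh
# Added example: host-side guard for the resolv.conf issue described above.
# Function names, RESOLV_CONF and the backup path are hypothetical.
#
# Usage (as root on the host):
#   snapshot_resolv /var/tmp/resolv.conf.pre-vpn
#   ...start the container with the docker run command above...
#   stop_vpn /var/tmp/resolv.conf.pre-vpn

RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"

# Save a copy of the resolver config before the VPN container starts.
snapshot_resolv() {
    # $1 = backup file to create
    cp -p -- "$RESOLV_CONF" "$1"
}

# Put the saved copy back if the live file differs from it.
# Writes in place (cat >) so a symlinked or bind-mounted file keeps its inode.
# Prints "restored", "unchanged" or "missing-backup".
restore_resolv() {
    # $1 = backup file
    [ -r "$1" ] || { echo "missing-backup"; return 1; }
    if cmp -s -- "$1" "$RESOLV_CONF"; then
        echo "unchanged"
    else
        cat -- "$1" > "$RESOLV_CONF" && echo "restored"
    fi
}

# Stop the container, then repair the host file even if the stop failed.
stop_vpn() {
    # $1 = backup file, $2 = container name (default: openconnect)
    docker stop "${2:-openconnect}" >/dev/null 2>&1 \
        || echo "docker stop failed; restoring anyway" >&2
    restore_resolv "$1"
}
```

Sourcing the file only defines the functions; nothing touches `/etc/resolv.conf` until `restore_resolv` or `stop_vpn` is called.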
