I am connected to a corporate VPN and need to be able to run Docker containers while the VPN is connected, because the container needs to be able to access corporate endpoints. However, when I am connected with AnyConnect VPN, Docker has no internet access at all, neither to our corporate endpoints nor to the internet.
I am running CentOS 7 as my host operating system.
A simple way to reproduce this issue is to install a minimal Linux distro, install AnyConnect VPN, connect to the VPN and try to run the following Docker container:
docker run -i -t ubuntu:14.04 /bin/bash
Once inside the container, I try to ping Google DNS:
[###]$ ping 8.8.8.8
There will be no response. If I disconnect from AnyConnect VPN and retry the above, I get a ping response.
How can I fix this issue?
CodePudding user response:
After you make a change to the network interfaces, you often need to restart the docker engine to rebuild all of the routes and iptables entries. With Linux and systemd, use:
systemctl restart docker
CodePudding user response:
Pinging outside and internet access are different things. You could have internet access but not be able to ping, as limited by your corporate network. I suggest running busybox
docker run -it --rm busybox
and checking the DNS setup inside
cat /etc/resolv.conf
From there you may see a list of nameserver IP addresses. Now you could try to ping those to make sure they are reachable from inside. If not, you could try
traceroute 1.2.3.4
to see how far you can get from inside the container. The first 2 lines should be the IP of Docker and the host machine, and then the IP of your corporate network:
1 172.17.0.1 (172.17.0.1) 0.016 ms 0.011 ms 0.009 ms
2 10.1.249.4 (10.1.249.4) 38.487 ms 35.697 ms 35.558 ms
Usually it's a problem with the nameservers generated inside the /etc/resolv.conf file. If that's the case, then you need to check /etc/resolv.conf on the host machine and update the Docker setup to generate the nameservers correctly inside the container.
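
One way to carry out the last step above, as an added example that is not part of either answer: read the nameservers from the host's resolv.conf, drop loopback resolvers, and print them as the `dns` setting for `/etc/docker/daemon.json` or as `--dns` flags for `docker run`. The sample file and its addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: derive Docker DNS settings from a resolv.conf-style file.

# Print the nameservers a container can actually reach. Loopback resolvers
# (127.x.x.x, ::1) are skipped: inside the container's own network namespace
# they point at the container itself, not at the host's resolver.
usable_nameservers() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1"
}

# Emit the "dns" setting for /etc/docker/daemon.json (applies to all containers
# after the daemon is restarted). Prints nothing if no usable resolver exists.
daemon_json_dns() {
    usable_nameservers "$1" | awk '
        { sep = (NR > 1) ? ", " : ""; list = list sep "\"" $1 "\"" }
        END { if (NR) printf "{ \"dns\": [%s] }\n", list }'
}

# Emit the equivalent per-container flags for "docker run".
docker_run_dns_flags() {
    usable_nameservers "$1" | awk '
        { sep = (NR > 1) ? " " : ""; printf "%s--dns %s", sep, $1 }
        END { if (NR) print "" }'
}

# Constructed sample: a host resolv.conf as it might look with the VPN up.
sample_resolv_conf() {
    cat <<'EOF'
# constructed sample, not taken from a real host
search corp.example
nameserver 127.0.0.1
nameserver 10.0.0.53
nameserver 10.0.0.54
EOF
}

tmp=$(mktemp)
sample_resolv_conf > "$tmp"
daemon_json_dns "$tmp"
docker_run_dns_flags "$tmp"
rm -f "$tmp"
```

On a real host, pass `/etc/resolv.conf` (read after the VPN has connected) instead of the sample file, then restart the Docker engine if you changed `daemon.json`.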