The OpenConnect Docker image is built from the latest versions of OpenConnect, oath-toolkit and socat on top of Alpine Linux.
- Build the Docker image:

```
docker-compose build --force
```
- Add a `.env` file to set up the VPN connection parameters:

```
VPN_URL=<VPN gateway URL>
VPN_USER=<Username>
VPN_PASSWORD=<Password>
VPN_OPTIONS=--protocol=<Protocol> \
  --authgroup=<VPN group> \
  --servercert=<VPN server TLS certificate fingerprint pin-sha256 type> \
# To generate the pin-sha256 fingerprint (base64 SHA-256 of the server's public key) you can use openssl:
# openssl s_client -showcerts -connect $VPN_HOST:443 </dev/null 2>/dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
#
# When using multi-factor authentication with TOTP add additional options:
  --timestamp --token-mode=totp --token-secret=<TOTP secret>

# To expose VPN service ports outside the Docker container, add this group of environment variables for each VPN service:
HOST_PORT_1=<Host port for service 1>
VPN_SERVICE_HOST_PORT_1=<VPN service 1 endpoint ip:port>
#...
# HOST_PORT_N=<Host port for service N>
# VPN_SERVICE_HOST_PORT_N=<VPN service N endpoint ip:port>
```

Don't use quotes around the values!
See the openconnect documentation for available options.
Either set the password in the `.env` file or leave the variable `VPN_PASSWORD` unset, so you get prompted when starting up the container.

To expose more than one VPN service outside the Docker container, you need to add additional port mapping sections and PORT_MAP_APP environment variables for each service in the `docker-compose.yml` file.

- Start the Docker containers:

```
docker-compose --env-file .env up -d --abort-on-container-exit
```
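
A pre-flight check for the `.env` layout described above, as an added example that is not part of this project. It flags quoted values, a `--servercert` value that is not a well-formed `pin-sha256:` pin (the prefix openconnect uses for this fingerprint type), unpaired `HOST_PORT_N`/`VPN_SERVICE_HOST_PORT_N` entries, and a file that stores `VPN_PASSWORD` or `--token-secret` while being accessible to group or others. The function names and sample values are assumptions made for this example.

```python
import base64, binascii, re

def is_pin_sha256(value):
    """True for 'pin-sha256:' plus the base64 of a 32-byte SHA-256 digest."""
    if not value.startswith("pin-sha256:"):
        return False
    try:
        return len(base64.b64decode(value.split(":", 1)[1], validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

def lint_env_text(text, mode=0o600):
    """Return findings for .env content; mode is the file's permission bits."""
    findings, ports, services, has_secret = [], set(), set(), False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Z0-9_]+)=(.*)$", line)
        if m:
            key, value = m.group(1), m.group(2).rstrip("\\").strip()
            if value.startswith(('"', "'")) or value.endswith(('"', "'")):
                findings.append(f"line {no}: {key} value is quoted")
            has_secret |= key == "VPN_PASSWORD" and bool(value)
            if re.fullmatch(r"HOST_PORT_\d+", key):
                ports.add(key.rsplit("_", 1)[1])
            elif re.fullmatch(r"VPN_SERVICE_HOST_PORT_\d+", key):
                services.add(key.rsplit("_", 1)[1])
        has_secret |= "--token-secret=" in line  # also covers continuation lines
        cert = re.search(r"--servercert=(\S+)", line)
        if cert and not is_pin_sha256(cert.group(1)):
            findings.append(f"line {no}: --servercert is not a valid pin-sha256 value")
    for n in sorted(ports ^ services):
        findings.append(f"service {n}: HOST_PORT/VPN_SERVICE_HOST_PORT pair is incomplete")
    if has_secret and mode & 0o077:
        findings.append("file holds a secret but is accessible to group or others")
    return findings

# Constructed sample: the pin encodes 32 zero bytes, not a real fingerprint.
PIN = base64.b64encode(bytes(32)).decode()
SAMPLE = f"""VPN_URL=https://vpn.example.com
VPN_USER="alice"
VPN_PASSWORD=constructed-password
VPN_OPTIONS=--protocol=anyconnect \\
  --servercert=pin-sha256:{PIN} \\
  --timestamp --token-mode=totp --token-secret=constructed-secret
HOST_PORT_1=8080
"""
```

For a file on disk, pass `stat.S_IMODE(os.stat(path).st_mode)` as `mode` so the permission check reflects the real file.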
Pull requests are very welcome!