Proxy_VPN is a Docker container image that combines Squid and Openconnect VPN for a better user experience when:
- you prefer to not install VPN client software on your local computer,
- you want to keep an unmodified network access for your local computer, without relying on the VPN policies or configuration.
It is configured for Cisco AnyConnect VPN.
In the current architecture, the Container assume two roles:
- initiating a VPN session to your private resources,
- exposing a Proxy to the container host, so private resources behind the VPN are reachable from your local computer.
- a podman machine running on your local computer,
- bash interpreter.
- execute
0_build_image.shand type your VPN URL/User/Password when prompted - modify
start_proxy_vpn.sh.samplescript : changeTEST_URL,VPN_NAME,IMAGEand remove the .sample extension - execute
start_proxy_vpn.shto create the container. - configure your system or your internet browser to use localhost:3233 as your proxy
A small helper script is provided for easier interaction with the solution: intranet.command It is a wrapper script that will do the following actions:
- execute start_proxy_vpn.sh
- launch Chrome wih a specific profile.
For best usage of this helper, you should modify it to suit your environment then rename it (removing the .sample extension).
Some Browser configuration is implied for as a prerequisite:
- create a new browser profile dedicated for proxy_vpn usage and retrieve its id number (type
chrome://version/in the address bar), - install a Chrome extension that allows you to specify a proxy and configure it (I use Foxy Proxy).
Once everything is setup, you can simply launch intranet.command from spotlight:
- proxy_vpn will be launched,
- Chrome with the profile configured for your local proxy usage will be launched.
Browser and extension may be changed for other components that better suit your needs.
You can already reach your private resources with any protocol configured in Squid (ftp, ssh, gopher, etc ...)
But you can also combine this solution with tools like corkscrew to reach SSH private targets.
The log redirection to a volume is not supported in this version. This feature may come back in a later version.
Your Proxy logs are redirected to your computer in a local folder. Thanks Docker Volumes.
Some ideas about what could come next:
- Visibility: redirect Openconnect VPN logs to a podman Volume
- Security: conceal the vpnpassword in a local vault solution
- Architecture: split to dedicated containers for proxy and vpn roles
- Availability: use a container orchestration solution to act as a watchdog
The initial idea and prototype were created by Matthieu Bordonné. Version 0.1.0 is the code adapted by Christophe Pauliat, containing helper scripts for easier day-to-day interaction on a user computer.
Current version is actually maintained by Çetin Ardal.
This project is open source : all contributions are welcome.
- for small typo/enhancements, just Fork this on GitHub and submit a Pull Request,
- for new features or substantial changes, please open an Issue first to discuss about the intended change.
This project is licensed under the GNU GPLv3 License. see COPYING