Configure Secure Client VPN for Use in a Docker Container

Introduction

This document describes how to use the Cisco Secure Cient VPN inside a Docker container.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

• The Cisco Secure Client package can be downloaded to the local desktop and used inside a Docker container. (In order to download the client package, refer to the Cisco Secure Client web page.)
• The Cisco Secure Client is compatible with Docker starting version 5.1.10.
• The Docker deployment requires the use of the Cisco Secure Client DEB or RPM CLI packages (the packages are optimized for CLI only usage, which is the case for Docker).

Components Used

The information in this document is based on Cisco Secure Client Version 5.1.10 RPM or DEB CLI package.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

License Information

Refer to the Cisco Secure Client Ordering Guide for information about licenses.

Setup

Docker File

1. Installing the package that the Cisco Secure Client depends on.
   • For RHEL (Red Hat Entreprise Linux):
     
     

     RUN yum install -y net-tools iptables 

   • For Ubuntu:
     
     

     RUN apt-get install -y net-tools iptables

2. Enabling logging.
   
   

   ENV CSC_LOGGING_OUTPUT=STDOUT

   

   Caution: If enabled, the logs print inline in the CLI alongside other ongoing activities.

3. Copy the DEB/RPM package from the host.
   
   • For RHEL:
     
     

     COPY cisco-secure-client-vpn-cli-<VERSION>-1.x86_64.rpm /tmp/cisco-secure-client-cli.rpm 

   • For Ubuntu:
     
     

     COPY cisco-secure-client-vpn-cli_<VERSION>_amd64.deb /tmp/cisco-secure-client-cli.deb

4. In order to start the VPN agent, keep it running, and restart it if necessary, a file named entry.sh is added as the entry point for the Docker container. This script must be copied into the container for later use.
   
   

   #!/bin/bash
   
   wait_forever() {
     while true; do
       sleep infinity &
       wait $!
     done
   }
   
   start_service() {
     if [ -f /opt/cisco/secureclient/bin/vpnagentd ]; then
       echo "Starting VPN agent..."
       while true; do
         /opt/cisco/secureclient/bin/vpnagentd -execv_instance &
         SERVICE_PID=$!
         wait $SERVICE_PID
         echo "VPN agent exited. Restarting..."
         sleep 1
       done
     fi
   }
   
   start_service
   wait_forever

   • For both RHEL and Ubuntu:
     
     

     COPY entry.sh /entry.sh
     RUN chmod +x /entry.sh

5. Install the package.
   • For RHEL:
     
     

     RUN cd /tmp && \
         dnf install -y ./cisco-secure-client-cli.rpm && \
         rm -rf /tmp/cisco-secure-client-cli.rpm

   • For Ubuntu:
     
     

     RUN cd /tmp && \
         apt-get install -y ./cisco-secure-client-cli.deb && \
         rm -rf /tmp/cisco-secure-client-cli.deb

6. Add the entry.sh as the entrypoint to the Docker container.
   
   

   ENTRYPOINT ["/entry.sh"]