Introduction
This document describes how to use the Cisco Secure Cient VPN inside a Docker container.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- The Cisco Secure Client package can be downloaded to the local desktop and used inside a Docker container. (In order to download the client package, refer to the Cisco Secure Client web page.)
- The Cisco Secure Client is compatible with Docker starting version 5.1.10.
- The Docker deployment requires the use of the Cisco Secure Client DEB or RPM CLI packages (the packages are optimized for CLI only usage, which is the case for Docker).
Components Used
The information in this document is based on Cisco Secure Client Version 5.1.10 RPM or DEB CLI package.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
License Information
Refer to the Cisco Secure Client Ordering Guide for information about licenses.
Setup
Docker File
- Installing the package that the Cisco Secure Client depends on.
- Enabling logging.
ENV CSC_LOGGING_OUTPUT=STDOUT
Caution: If enabled, the logs print inline in the CLI alongside other ongoing activities.
- Copy the DEB/RPM package from the host.
- In order to start the VPN agent, keep it running, and restart it if necessary, a file named entry.sh is added as the entry point for the Docker container. This script must be copied into the container for later use.
#!/bin/bash
wait_forever() {
while true; do
sleep infinity &
wait $!
done
}
start_service() {
if [ -f /opt/cisco/secureclient/bin/vpnagentd ]; then
echo "Starting VPN agent..."
while true; do
/opt/cisco/secureclient/bin/vpnagentd -execv_instance &
SERVICE_PID=$!
wait $SERVICE_PID
echo "VPN agent exited. Restarting..."
sleep 1
done
fi
}
start_service
wait_forever
- Install the package.
- For RHEL:
RUN cd /tmp && \
dnf install -y ./cisco-secure-client-cli.rpm && \
rm -rf /tmp/cisco-secure-client-cli.rpm
- For Ubuntu:
RUN cd /tmp && \
apt-get install -y ./cisco-secure-client-cli.deb && \
rm -rf /tmp/cisco-secure-client-cli.deb
- Add the entry.sh as the entrypoint to the Docker container.
ENTRYPOINT ["/entry.sh"]