I met the same VPN problem on Linux (Ubuntu 18) with the AnyConnect client, but I partially solved it after I addressed the problem caused by an iptables rule that the VPN establishes. You may try the following steps:
1. From inside the container, try to connect to an internet address that is blocked in the container but reachable from the host, such as ssh username@xx.xx.xxx, to send some traffic.
2. Exit to the host and run the shell command sudo iptables -n -v -L | grep DROP, then find the line led by a non-zero value; this line is the iptables rule that blocks the traffic.
3. Insert a rule that allows your connection before the rule found in step 2.
I guess not only AnyConnect but also many other VPNs will work incorrectly with Docker.
And some answers on StackOverflow mention that the docker daemon must start after the AnyConnect vpnagentd. I haven't verified this; maybe these links are useful:
Eventually, I wrote a script to handle the problem automatically after every reconnect.
#!/bin/bash
# for safe exit
# set -xeuo pipefail
# AnyConnect: retry the connection and add an iptables rule to accept all traffic to Docker containers
# 2020,9,14 by Hai-chien Teng
# VPN_USERNAME, VPN_PASSWORD, VPN_HOST and PASSWORD (for sudo) are expected to be set before the script runs
# check every 60 seconds
while true
do
    # determine whether the VPN is connected (an interface holds a 10.10.10.x address)
    found=$(ip a | grep -c '10\.10\.10')
    if [ "$found" -eq 0 ]
    then
        echo "Ready to connect VPN server..."
        # pass the variables as printf arguments so they are expanded (inside single quotes they were sent literally)
        printf '%s\n%s\n' "$VPN_USERNAME" "$VPN_PASSWORD" | /opt/cisco/anyconnect/bin/vpn -s connect "$VPN_HOST:443"
        # Wait for HTTP establishment
        sleep 5
        # determine whether the connection failed
        found=$(ip a | grep -c '10\.10\.10')
        if [ "$found" -eq 0 ]
        then
            # retry connect
            echo "Retry connect..."
            continue
        fi
        echo "connected!!!"
    else
        # extract the VPN address from the matching interface line
        ip=$(ip a | grep '10\.10\.10' | sed -r 's/.*\s(.*)\/.*/\1/')
        echo "There are already connected, ip is $ip"
    fi
    # determine whether the ACCEPT rule is already the first rule of the ciscovpn chain
    foundrule=$(printf '%s\n' "$PASSWORD" | sudo -S iptables -vnL ciscovpn | sed -n '3p' | grep cscotun0)
    if [ -z "$foundrule" ]
    then
        # insert at the top of the chain: accept all traffic arriving on cscotun0
        printf '%s\n' "$PASSWORD" | sudo -S iptables -t filter -I ciscovpn -i cscotun0 -p all -j ACCEPT
        echo "Add ACCEPT rule"
    fi
    # check every 60 seconds
    sleep 60
done
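Steps 2 and 3 of the post above, as an added example that is not part of the original post or of Docker's or Cisco's tooling: it reads `iptables -nvL --line-numbers` output and reports every DROP or REJECT rule, and every chain-level DROP policy, whose packet counter is non-zero. The rule listing is constructed sample data, and the function name `blocking_rules` is hypothetical.

```bash
#!/bin/bash
# Added example: find the rules that are actually dropping traffic.
# Input on stdin: output of `iptables -nvL --line-numbers`
# Columns: num pkts bytes target prot opt in out source destination

# Constructed sample listing (not captured from a real host).
SAMPLE_RULES='Chain FORWARD (policy DROP 14 packets, 840 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       5K  300K DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ciscovpn (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1      120  9600 ACCEPT     all  --  cscotun0 *     10.10.10.0/24        0.0.0.0/0
2        0     0 DROP       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
3       37  2220 DROP       all  --  docker0 *      172.17.0.0/16        0.0.0.0/0
'

# Print one line per blocking rule: chain, rule number, counter, interface, addresses.
blocking_rules() {
    awk '
        $1 == "Chain" {
            chain = $2
            # A chain policy of DROP counts packets that matched no rule at all.
            if ($3 == "(policy" && $4 == "DROP" && $5 != "0")
                printf "%s policy pkts=%s\n", chain, $5
            next
        }
        # Rule lines start with the rule number; counters may carry K/M/G suffixes,
        # so the packet counter is compared as a string against "0".
        $1 ~ /^[0-9]+$/ && ($4 == "DROP" || $4 == "REJECT") && $2 != "0" {
            printf "%s %s pkts=%s in=%s src=%s dst=%s\n", chain, $1, $2, $7, $9, $10
        }
    '
}

# Stand-alone run on the constructed sample. On a real host, replace with:
#   sudo iptables -nvL --line-numbers | blocking_rules
printf '%s\n' "$SAMPLE_RULES" | blocking_rules
```

The chain name and rule number in each result are the arguments `iptables -I <chain> <num>` takes, which places an ACCEPT rule scoped to the reported interface and addresses directly ahead of the blocking rule. A chain policy hit has no rule number, since any rule in that chain is evaluated before the policy applies.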
Kind of sad that no one on the Docker or WSL2 teams is working on this issue. Most companies use a VPN for security and it is unacceptable that there is no fix yet.
I have the same issue. docker login does NOT work behind a VPN, error message: Login did not succeed, error: Error response from daemon: Get "https://registry-1.docker.io/v2/"
But logging in via Docker Desktop on Windows works, although it doesn’t help.
The problem is that without a proper docker login all container builds will constantly re-download metadata for each container, which increases the time of the build for no reason at all… a huge cluster.