Docker Community Forums

Share and learn in the Docker community.

Docker for Mac beta does not work with VPN


(Rthummala) #1

Expected behavior

When i am on VPN, i should be able to use the docker client to connect to the docker engine and perform usual docker commands.

Actual behavior

When i am on not on VPN, the docker functionality works. Once i login to VPN, all docker commands hang. Tried to stop and start the daemon, but still no use.

Information

  • the output of:
    • pinata diagnose -u on OSX
      rthummalap-ltm:~ rthummalapenta$ pinata diagnose -u
      OS X: version 10.11.4 (build: 15E65)
      Docker.app: version v1.10.3-beta5
      Running diagnostic tests:
      [ERROR] docker-cli Connection refused (ECONNREFUSED) connecting to /var/run/docker.sock: check if service is running
      [OK] Moby booted
      [ERROR] driver.amd64-linux Connection refused (ECONNREFUSED) connecting to /tmp/fs.socket: check if service is running
      [OK] vmnetd
      [ERROR] lofs Connection refused (ECONNREFUSED) connecting to /var/tmp/com.docker.lofs.socket: check if service is running
      [ERROR] osxfs Connection refused (ECONNREFUSED) connecting to /var/tmp/com.docker.osxfs.socket: check if service is running
      [ERROR] db Connection refused (ECONNREFUSED) connecting to /var/tmp/com.docker.db.socket: check if service is running
      [ERROR] slirp Connection refused (ECONNREFUSED) connecting to /var/tmp/com.docker.slirp.port.socket: check if service is running
      [OK] menubar
      [OK] environment
      [OK] Docker
      [OK] VT-x
      Docker logs are being collected into /tmp/20160331-103515.tar.gz.
      Your unique id in bugsnag is: E5AEBC61-3392-44F9-B317-536B248D1AD0
      Please quote this in all correspondence.
      rthummalap-ltm:~ rthummalapenta$

    • DockerDebugInfo.ps1 using Powershell on Windows

  • a reproducible case if this is a bug, Dockerfiles FTW - NA
  • page URL if this is a docs issue or the name of a man page : NA
  • host distribution and version : OSX 10.11.4 El Capitan

Here is the output when i tried to start the docker daemon after logging into VPN:

docker is configured to use the default machine with IP A.B.C.D
For help getting started, check out the docs at https://docs.docker.com

Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host “A.B.C.D:2376”: dial tcp A.B.C.D:2376: i/o timeout
You can attempt to regenerate them using ‘docker-machine regenerate-certs [name]’.
Be advised that this will trigger a Docker daemon restart which will stop running containers.

/bin/bash: /bin/bash: cannot execute binary file
rthummalap-ltm:~ rthummalapenta$ docker-machine regenerate-certs
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Waiting for SSH to be available…
Detecting the provisioner…
Copying certs to the local machine directory…
Copying certs to the remote machine…
Setting Docker configuration on the remote daemon…

This machine has been allocated an IP address, but Docker Machine could not
reach it successfully.

SSH for the machine should still work, but connecting to exposed ports, such as
the Docker daemon port (usually :2376), may not work properly.

You may need to add the route manually, or use another related workaround.

This could be due to a VPN, proxy, or host file configuration issue.

You also might want to clear any VirtualBox host only interfaces you are not using.
rthummalap-ltm:~ rthummalapenta$

Steps to reproduce the behavior

  1. Install Docker for Mac beta software while not being on VPN
  2. Verify that you can do the usual docker operations (docker pull, docker run, docker ps , docker images etc)
  3. Log in to the VPN
  4. Do the usual docker operations (docker pull, docker run, docker ps , docker images etc) and they will fail.

(Rthummala) #2

With docker-machine and boot2docker, we used to use a helper script to :slight_smile:

  • Create a new boot2docker VM (or apply the necessary changes to an existing VM)
  • Add a port forwarding rule for the Docker daemon port
  • Create and deploy a new certificate for the Docker daemon
  • Add the environment variables needed by the Docker client

Do we still need to do that Docker for Mac? My understanding is that we do not need to do this any more.


(Brint O'Hearn) #3

Howdy!

I had a similar problem, but I went to “Settings” > “VPN compatibility mode”, and everything worked for me after enabling that. Have you tried it with VPN compatibility mode?


(Justin Cormack) #4

Hi yes, please try the VPN compatibility mode in the settings. This will probably become the default mode at some point but there are still some issues to resolve.