Minikube ssh cannot connect internet via VPN

[zezhong-zhang]

What Happened?

Minikube version (use minikube version): v1.31.2

Environment:

OS (e.g. from /etc/os-release): Manjaro Arch "23.0.2"
Kernel: 6.1.53-1-MANJARO
Driver (e.g. cat ~/.minikube/machines/minikube/config.json | grep DriverName): docker
Install tools:
Others:
What happened:
Creating and using minikube is fine without vpn. Open Cisco AnyConnect Secure Mobility Client (VPN client for work) and minikube cannot pull image. Checked minikube ssh, it cannot access internet while host internet access on vpn is fine.

minikube ssh
docker@minikube:~$ nslookup google.com
Server:         192.168.49.1
Address:        192.168.49.1#53

Non-authoritative answer:
Name:   google.com
Address: 172.217.160.78
Name:   google.com
Address: 2404:6800:4012:1::200e

docker@minikube:~$ ping google.com
PING google.com (172.217.160.78) 56(84) bytes of data.
^C
--- google.com ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5058ms

When start minikube with VPN on, it also has troubles accessing registry

minikube start                                                                                          
😄  minikube v1.31.2 on Arch "23.0.2"
✨  Using the docker driver based on existing profile
👍  Starting control plane node minikube in cluster minikube
🚜  Pulling base image ...
🏃  Updating the running docker "minikube" container ...
❗  This container is having trouble accessing https://registry.k8s.io
💡  To pull new external images, you may need to configure a proxy: https://minikube.sigs.k8s.io/docs/reference/networking/proxy/
🐳  Preparing Kubernetes v1.27.4 on Docker 24.0.4 ...
🔎  Verifying Kubernetes components...
    ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🌟  Enabled addons: storage-provisioner, default-storageclass
🏄  Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default

What you expected to happen:
Minikube should work and it request to external site should go through vpn

How to reproduce it (as minimally and precisely as possible):

Create minikube off of VPN
Connect to Cisco AnyConnect VPN
Try to use minikube

Note: this is different from #1099 where in that case is cannot start the minikube, here is minikube cannot access external network via vpn

Attach the log file

log.txt

Operating System

Other

Driver

Docker

[rmsilva1973]

@zezhong-zhang Well... Cisco AnyConnect messes up routing tables and such on WSL/Ubuntu. I wouldn't be surprised if there's a similar issue on your case. When I connect to VPN with AnyConnect I have to use wsl-vnpkit (https://github.com/sakai135/wsl-vpnkit) to be able to keep accessing anything from insided wsl.

I don't think it's an issue related to minikube. I would bet on an issue with Cisco AnyConnect which alongside with Docker CNI would make things quite tricky...

[rmsilva1973]

/kind support

[zezhong-zhang]

Indeed Cisco AnyConnect mess up routing tables that even I manually played around for a day but cannot work. After switched to openvpn, the problem is solved. Many thanks for pointing the direction! I will close the issue.

[kaykhan]

Also having the same issue with aws vpn client