My work VPN isn’t enforced; however, there is some software that REQUIRES connection to the AnyConnect VPN in order to download things from the server or it won’t log in. What would happen if I were to try connecting to the Cisco AnyConnect client while connected to my exit node via travel router?
If I’m understanding, you have:
[work laptop w AnyConnect client] > [travel router connected to exit node] > tailnet > [hardware with Tailscale running as exit node]
If so, then yes, this will work. In fact, I use a setup like this for situations where the network I’m on blocks my corporate VPN. I either route to Tailscale (if that will connect) or to Cloudflare (via Warp+). There are a couple other ways in case both of those are blocked, but point is that yes, double-proxying in the way you’ve described will work fine.
I can’t seem to get this to work. When I connect to AnyConnect, it doesn’t allow me to RDP to my work machine. It also doesn’t seem to stay connected to AnyConnect. Would I have to change any specific settings?
Although unlike OP, I’m not using a travel router, I’m just trying to run Tailscale + AnyConnect on the same machine. I’m wondering if maybe I should run AnyConnect inside a VM (I know some coworkers do that because it bypasses not being able to access non-corporate websites while connected on AnyConnect).
The problem here is that you have two VPNs on one machine - which, for the purposes of your (and most) situations, you can’t do. This is why folks mention using a travel router. People often refer to VPN as tunneling, so imagine a tube (maybe one of those cardboard ones for paper towels or TP) with all your traffic in it. If you put them side by side between your computer and the interwhoo, it doesn’t make sense, because what is going where? If you put one sort of inside of the other, then it starts to make sense. The way to do that is to tunnel your traffic through Tailscale (or another svc) by having the router handle that. Cool, now all your traffic goes through that tunnel, which means if you then use AnyConnect on your machine, it’s doing so INSIDE that other tunnel (Tailscale).
I hope this makes sense.
Thanks for the clarification! That does make sense. I thought maybe there’d be a way to layer the VPNs. If I run AnyConnect inside a VM would that still have the same outcome? I’ll have to try a travel router.
I think AnyConnect in a VM is possible, but I’ve not used VMware in over a decade and really don’t recall any details.