openconnect routing issue, Cisco ASA SSL VPN

David Woodhouse dwmw2 at infradead.org
Thu Nov 24 16:21:00 EST 2011


On Thu, 2011-11-24 at 12:21 -0600, Mathew Crane wrote:
> I am trying to connect remotely to my company's resources via their
> Cisco VPN. They offer .p12 SSL-based ASA gateways that I can
> successfully connect to and navigate company resources, access email,
> etc. However, I am not able to navigate to resources located outside
> of the company intranet while connected; for example, google.com or
> en.wikipedia.org are unreachable and I receive '503 Gateway' errors
> when navigating to external URLs.

Your VPN server is requesting a full tunnel, so that's what it gets. You
can work around this by using a 'wrapper' around the standard
vpnc-script, which changes the environment variables that tell it what
to do. See http://david.woodhou.se/vpnc-script-intel.sh for an example
which may be useful to you.

Note that the last line of it is intended to run your "normal"
vpnc-script, wherever you've put it. And you'll obviously want to change
it to set the networks that *you* want to route to the VPN.

> I am also unable to split tunnel with this connection using
> network-manager-openconnect (the infamous 'Use this connection only
> for resources on its network' option). Using openconnect from CLI with
> the default vpnc vpnc-script yields same results.

Hm, I thought we fixed that. What version of NetworkManager is this?

-- 
dwmw2
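The kind of wrapper David describes, as an added example (not his vpnc-script-intel.sh, which is not reproduced here): it discards the gateway's full-tunnel request, exports the CISCO_SPLIT_INC_* variables that the standard vpnc-script reads for split-include routes, then hands over to the real script. The path of the real vpnc-script and the two company networks are assumptions/constructed values; change them to match your own setup.

```sh
#!/bin/sh
# Wrapper to put in front of the real vpnc-script (point openconnect at this
# file with --script). openconnect calls it with the gateway's settings in the
# environment; we replace the "route everything" request with our own list of
# split-include networks and then run the real script.

REAL_VPNC_SCRIPT=${REAL_VPNC_SCRIPT:-/etc/vpnc/vpnc-script}   # assumed path

# Translate a prefix length (0-32) into a dotted-quad mask, e.g. 24 -> 255.255.255.0
masklen_to_mask() {
    _len=$1; _mask=""; _i=0
    while [ "$_i" -lt 4 ]; do
        if [ "$_len" -ge 8 ]; then
            _oct=255; _len=$((_len - 8))
        else
            _oct=$(( (255 << (8 - _len)) & 255 )); _len=0
        fi
        _mask="${_mask}${_mask:+.}${_oct}"
        _i=$((_i + 1))
    done
    echo "$_mask"
}

# Append one network (CIDR form) to the CISCO_SPLIT_INC_* list that vpnc-script
# turns into per-network routes via the tunnel instead of a default route.
add_split_include() {
    _net=${1%/*}; _len=${1#*/}
    _n=${CISCO_SPLIT_INC:-0}
    export "CISCO_SPLIT_INC_${_n}_ADDR=$_net"
    export "CISCO_SPLIT_INC_${_n}_MASK=$(masklen_to_mask "$_len")"
    export "CISCO_SPLIT_INC_${_n}_MASKLEN=$_len"
    export "CISCO_SPLIT_INC_${_n}_PROTOCOL=0"
    export "CISCO_SPLIT_INC_${_n}_SPORT=0"
    export "CISCO_SPLIT_INC_${_n}_DPORT=0"
    export CISCO_SPLIT_INC=$((_n + 1))
}

# Only rewrite and hand over when invoked by openconnect ($reason is set);
# when sourced without it, just define the functions above.
if [ -n "$reason" ]; then
    unset CISCO_SPLIT_INC CISCO_SPLIT_EXC       # drop whatever the gateway sent
    add_split_include 10.0.0.0/8                # constructed company networks
    add_split_include 192.168.100.0/24
    exec "$REAL_VPNC_SCRIPT" "$@"
fi
```

Traffic to anything outside the listed networks keeps using the normal default route, which is exactly the "only for resources on its network" behaviour the original question asks for.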