Routing setup with --script-tun
Kevin Cernekee
cernekee at gmail.com
Sun Dec 2 14:35:09 EST 2012
David W,
Is it reasonable to assume that an IPv4 tunnel script (such as
ocproxy) only really needs to look at these settings:
INTERNAL_IP4_ADDRESS / INTERNAL_IP4_MTU (basic IP configuration)
INTERNAL_IP4_DNS / CISCO_DEF_DOMAIN (if DNS is used)
INTERNAL_IP4_NBNS (if Windows networking is used)
And that INTERNAL_IP4_NETMASK, INTERNAL_IP4_NETADDR,
INTERNAL_IP4_NETMASKLEN, VPNGATEWAY, CISCO_SPLIT_* can be safely
ignored, because all IP datagrams, regardless of destination subnet,
are sent the same way over the VPN tunnel?
I ran a quick sanity test that seemed to confirm this, but I'd like to
make sure there aren't any other cases to worry about.
All of this assumes that the user will not try to send local (non-VPN)
traffic through the proxy.
Thanks.
More information about the openconnect-devel
mailing list