How do I tell openconnect to use the VPN only for its route and DNS?
Kevin Cernekee
cernekee at gmail.com
Tue Apr 23 17:15:23 EDT 2013
On Tue, Apr 23, 2013 at 1:53 PM, Robert James <srobertjames at gmail.com> wrote:
> I would like to set up openconnect in a secondary way. That is, it should:
> * Only use the tun device for the specific nets on the VPN, but keep
> my default device and route for all other IPs
> * Not change any DNS settings
>
> In other words: add a route for the specific networks that are
> internal to the VPN, but make no other changes.

I would look at overriding set_default_route(), reset_default_route(),
MODIFYRESOLVCONF, and RESTORERESOLVCONF in vpnc-script. See also:

http://www.infradead.org/openconnect/vpnc-script.html

Another approach is to run ocproxy, which avoids using a tun device
entirely and "hides" the VPN behind a SOCKS proxy daemon. One
advantage of ocproxy is that DNS for VPN hosts would still work; a
disadvantage is that not all services work well over a SOCKS proxy.
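
A related way to get the behaviour asked for without editing vpnc-script, as an added example that is not part of the original message or the openconnect project: a wrapper passed to openconnect with --script that sets the split-include variables vpnc-script reads and clears the server-pushed DNS settings before handing off. The two networks and the vpnc-script path are assumptions.

```shell
#!/bin/sh
# Added example: wrapper for "openconnect --script <this file> ...".
# Assumed values: the sample networks and the vpnc-script install path.
VPN_NETS="${VPN_NETS:-10.20.0.0/16 192.168.50.0/24}"   # constructed sample nets
VPNC_SCRIPT="${VPNC_SCRIPT:-/etc/vpnc/vpnc-script}"    # assumed path

# Convert a prefix length (0-32) to a dotted-quad netmask.
masklen_to_mask() {
    len=$1; mask=""
    for n in 1 2 3 4; do
        if [ "$len" -ge 8 ]; then
            octet=255; len=$((len - 8))
        else
            octet=$((256 - (1 << (8 - len)))); len=0
        fi
        mask="${mask:+$mask.}$octet"
    done
    echo "$mask"
}

# Export the split-include variables so vpnc-script adds only these
# network routes (no default route), and drop the pushed DNS settings
# so resolv.conf is left untouched.
split_env() {
    i=0
    for net in $VPN_NETS; do
        addr=${net%/*}; len=${net#*/}
        case $len in
            ''|*[!0-9]*) echo "bad prefix: $net" >&2; return 1 ;;
        esac
        [ "$len" -le 32 ] || { echo "bad prefix: $net" >&2; return 1; }
        export "CISCO_SPLIT_INC_${i}_ADDR=$addr"
        export "CISCO_SPLIT_INC_${i}_MASK=$(masklen_to_mask "$len")"
        export "CISCO_SPLIT_INC_${i}_MASKLEN=$len"
        i=$((i + 1))
    done
    export CISCO_SPLIT_INC=$i
    unset INTERNAL_IP4_DNS INTERNAL_IP6_DNS CISCO_DEF_DOMAIN
}

# openconnect sets $reason when it invokes the script; only then hand off.
if [ -n "${reason:-}" ]; then
    split_env || exit 1
    exec "$VPNC_SCRIPT"
fi
```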