IPv6 default route not set using OpenConnect

David Woodhouse dwmw2 at infradead.org
Tue Mar 12 10:37:44 EDT 2013


On Tue, 2013-02-19 at 09:50 +0000, shouldbe q931 wrote:
> 
> I know that I could set the default route manually, but wondered if I
> misconfigured something, or had hit a bug.
> 
> I've gone back through the mailing list archives to July 2012, but
> couldn't see anything that might reference this.

The behaviour of vpnc-script goes something like this:

 If there are 'split include' routes listed, set those routes only.
 Else, set the default route (ignoring 'split exclude').

The fact that it ignores 'split excludes' is a bug, but nobody's ever
cared because fairly much nobody ever uses them AFAICT.

Your routing *does* have split includes... but only for Legacy IP. I
suppose we're supposed to route those Legacy IP ranges *and* the default
IPv6 route through the VPN?

Looking at the current version of the vpnc-script, it looks like it
*ought* to get this right. Since $CISCO_IPV6_SPLIT_INC isn't (well,
shouldn't be) set, it should set the default route.

Firstly, can you check that your vpnc-script is up to date. Download the
latest version which is linked from
http://www.infradead.org/openconnect/vpnc-script.html and try using that
(make it executable and use the --vpnc-script argument).

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6171 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20130312/171a32d2/attachment.bin>


More information about the openconnect-devel mailing list