IPv6 default route not set using OpenConnect
shouldbe q931
shouldbeq931 at gmail.com
Wed Mar 13 09:55:02 EDT 2013
On Tue, Mar 12, 2013 at 2:37 PM, David Woodhouse <dwmw2 at infradead.org> wrote:
> On Tue, 2013-02-19 at 09:50 +0000, shouldbe q931 wrote:
>>
>> I know that I could set the default route manually, but wondered if I
>> misconfigured something, or had hit a bug.
>>
>> I've gone back through the mailing list archives to July 2012, but
>> couldn't see anything that might reference this.
>
> The behaviour of vpnc-script goes something like this:
>
> If there are 'split include' routes listed, set those routes only.
> Else, set the default route (ignoring 'split exclude').
>
> The fact that it ignores 'split excludes' is a bug, but nobody's ever
> cared because fairly much nobody ever uses them AFAICT.
>
> Your routing *does* have split includes... but only for Legacy IP. I
> suppose we're supposed to route those Legacy IP ranges *and* the default
> IPv6 route through the VPN?
>
> Looking at the current version of the vpnc-script, it looks like it
> *ought* to get this right. Since $CISCO_IPV6_SPLIT_INC isn't (well,
> shouldn't be) set, it should set the default route.
>
> Firstly, can you check that your vpnc-script is up to date. Download the
> latest version which is linked from
> http://www.infradead.org/openconnect/vpnc-script.html and try using that
> (make it executable and use the --vpnc-script argument).
>
> --
> dwmw2
Yes, the split include is for IPv4, and but IPv6 should be for all traffic.
If it would be useful, I can also test removing the split include.
I am not using (and have never seen used) split exclude.
The vpnc-script changelog on ubuntu lists the below as the most recent change
---------------------------------------
vpnc-scripts (0.1~git20120602-2) unstable; urgency=low
* Add Vcs-* fields for the collab-maint git repository.
* Move iproute from Depends to Recommends, vpnc-script can work
around it if not available.
-- Mike Miller <mtmiller at ieee.org> Wed, 06 Jun 2012 06:58:46 -0400
---------------------------------------
I renamed the version from the repo, and copied the one from infradead
into usr/share/vpnc-scripts/vpnc-script
I'll test this evening when I'm "outside" the network.
Cheers
Arne
More information about the openconnect-devel
mailing list