Weird problem connecting using AnyConnect 3.1.05152 under Windows

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Jan 28 02:11:25 EST 2014


On 01/28/2014 07:15 AM, Kevin Cernekee wrote:

>> I have the same problem. AnyConnect has two modes: Split Route, that
>> means that only some routes will be provided over the VPN and others
>> will go directly and Full Mode where the default route goes over the
>> VPN. ocserv currently announces to AnyConnect the split mode. The
>> problem is that with the split mode you cannot push the default route
>> or at least not in an obvious way. Pushing other routes works. I have a
>> Cisco ASA which I have configured for both modes (split and full) but
>> the Cisco ASA is currently offline and I'm 3000 kms away on a business
>> trip. As soon as I'm back on Sunday I want to take it back online and
>> find out how the full route is announced and then let the list know.
> To set ocserv as the default gateway, I just commented out the "route
> = " lines in the config file.  This stops it from sending the
> "X-CSTP-Split-Include:" headers.
> This seems to be equivalent to "split-tunnel-policy tunnelall" on an ASA.

Nice catch. I'll document that.

regards,
Nikos
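
The config change described in this thread, as an added example that is not part of the original messages or of ocserv itself: a small audit that reads an ocserv config and reports whether any uncommented "route =" lines remain, which per the thread decides between split mode and tunnel-all. The sample configs and function names are constructed for illustration, and the parser assumes plain `key = value` lines with `#` comments.

```python
import re

# Constructed sample configs (not taken from the thread).
SPLIT_CONF = """\
# constructed sample: two active routes, one commented out
ipv4-network = 192.168.1.0
route = 192.168.1.0/255.255.255.0
  route=10.10.0.0/255.255.0.0
#route = 172.16.0.0/255.240.0.0
"""
FULL_CONF = """\
# constructed sample: every route line commented out
ipv4-network = 192.168.1.0
#route = 192.168.1.0/255.255.255.0
# route = 10.10.0.0/255.255.0.0
"""

# Matches only lines whose key is exactly "route" and that carry a value.
# A leading '#' (comment) or a longer key name does not match.
_ROUTE = re.compile(r"^\s*route\s*=\s*(\S.*?)\s*$")


def active_routes(conf_text):
    """Return the values of uncommented 'route =' lines, in file order."""
    routes = []
    for line in conf_text.splitlines():
        m = _ROUTE.match(line)
        if m:
            routes.append(m.group(1))
    return routes


def tunnel_mode(conf_text):
    """Classify the config as described in the thread.

    Active route lines -> split-include routes are sent ("split").
    No active route lines -> the VPN becomes the default gateway ("full").
    """
    routes = active_routes(conf_text)
    return ("split", routes) if routes else ("full", routes)


if __name__ == "__main__":
    for name, conf in (("SPLIT_CONF", SPLIT_CONF), ("FULL_CONF", FULL_CONF)):
        mode, routes = tunnel_mode(conf)
        print(f"{name}: {mode} tunnel, active routes: {routes}")
```

Running the check against the deployed config after each change catches a route line that was re-enabled and silently put clients back into split mode.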




More information about the openconnect-devel mailing list