Losing connection with Unknown DTLS packet
Daniel Lenski
dlenski at gmail.com
Tue Nov 29 09:29:07 PST 2016
On Mon, Nov 28, 2016 at 7:42 PM, Stuart Luppescu <slu at ccsr.uchicago.edu> wrote:
> On Mon, 2016-11-28 at 16:34 -0800, Daniel Lenski wrote:
>> Why are you sending all your internet-bound traffic through the VPN
>> if it's not necessary to do so? Sounds like you want to do split
>> tunneling.
>
> I was not aware of this before but it sounds like a good thing to do.
> Do I just export those environment variables that start with
> CISCO_SPLIT_INC and start the script as usual?
Here's a tutorial on how to wrap the default vpnc-script to do split
tunneling: https://gist.github.com/jagtesh/5531300
If you only need to access a few hosts behind the VPN, then have a
look at vpn-slice, which I wrote to make this
simpler: http://github.com/dlenski/vpn-slice.
It's a Linux-only drop-in replacement for the vpnc-script. It ignores
the routing configuration sent by the VPN gateway, and only routes
traffic to specific hosts or subnets through the VPN, and leaves
everything else alone. For example:
openconnect gateway.company.com \
--script 'vpn-slice myhost myotherhost 192.168.0.0/16'
That will only route traffic to the two named hosts and one subnet
through the VPN. It will not change your DNS configuration either, but
it will do a DNS lookup for the two hosts using the VPN's DNS servers,
and add them to /etc/hosts, so that you can refer to them by name.
Dan
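The wrapper approach Dan points to (overriding the CISCO_SPLIT_INC* variables before handing off to the stock vpnc-script) is easy to reproduce. What follows is an added example, not code from this list post, from the linked gist, or from vpn-slice: a small POSIX sh wrapper that discards whatever split-include list the gateway pushed, installs only the subnets the user chose, and leaves /etc/resolv.conf untouched. The path /etc/vpnc/vpnc-script, the SPLIT_SUBNETS variable and the script's install location are assumptions; the CISCO_SPLIT_INC, CISCO_SPLIT_INC_n_ADDR/MASK/MASKLEN, INTERNAL_IP4_DNS and reason variables are the ones vpnc-script and openconnect actually use.

```shell
#!/bin/sh
# Added example (not part of the original post or of vpn-slice): wrap the
# stock vpnc-script so that only subnets we choose are routed through the
# tunnel.  Assumed invocation:
#   openconnect gateway.company.com \
#     --script "SPLIT_SUBNETS='192.168.0.0/16 10.20.30.40' /usr/local/bin/split-vpnc-script"
# openconnect runs --script through /bin/sh -c, so the env assignment works.

VPNC_SCRIPT=${VPNC_SCRIPT:-/etc/vpnc/vpnc-script}  # assumed path to the real script
SPLIT_SUBNETS=${SPLIT_SUBNETS:-}                    # space-separated CIDRs or bare hosts

# Turn a prefix length (0-32) into a dotted-quad netmask, e.g. 20 -> 255.255.240.0.
masklen_to_mask() {
  m2m_len=$1
  m2m_mask=''
  for m2m_n in 1 2 3 4; do
    if [ "$m2m_len" -ge 8 ]; then
      m2m_octet=255
      m2m_len=$((m2m_len - 8))
    else
      m2m_octet=$(( (255 << (8 - m2m_len)) & 255 ))
      m2m_len=0
    fi
    m2m_mask="${m2m_mask}${m2m_mask:+.}${m2m_octet}"
  done
  printf '%s\n' "$m2m_mask"
}

# Export the CISCO_SPLIT_INC* variables that vpnc-script reads, one entry per
# argument.  A bare address (no "/len") is treated as a /32 host route.
# vpnc-script loops i < CISCO_SPLIT_INC, so any higher-numbered entries the
# gateway sent are simply never looked at.
set_split_routes() {
  ssr_i=0
  for ssr_cidr in "$@"; do
    ssr_addr=${ssr_cidr%/*}
    ssr_len=${ssr_cidr#*/}
    [ "$ssr_len" = "$ssr_cidr" ] && ssr_len=32
    export "CISCO_SPLIT_INC_${ssr_i}_ADDR=$ssr_addr"
    export "CISCO_SPLIT_INC_${ssr_i}_MASKLEN=$ssr_len"
    export "CISCO_SPLIT_INC_${ssr_i}_MASK=$(masklen_to_mask "$ssr_len")"
    ssr_i=$((ssr_i + 1))
  done
  export CISCO_SPLIT_INC=$ssr_i
}

# Only act when openconnect invoked us (it sets $reason to connect,
# disconnect, reconnect or attempt-reconnect).  Overriding on every reason,
# not just connect, keeps teardown consistent with what was installed.
if [ -n "$reason" ]; then
  # With an empty list vpnc-script would fall back to a full tunnel, which is
  # exactly what the user is trying to avoid, so refuse rather than guess.
  [ -n "$SPLIT_SUBNETS" ] || { echo "split-vpnc-script: SPLIT_SUBNETS is empty" >&2; exit 1; }
  unset CISCO_SPLIT_EXC                 # drop any gateway-supplied exclude list too
  set_split_routes $SPLIT_SUBNETS       # word splitting is intended here
  # vpnc-script only rewrites resolv.conf when these are set; clearing them
  # leaves the system DNS configuration alone.
  unset INTERNAL_IP4_DNS INTERNAL_IP6_DNS CISCO_DEF_DOMAIN
  exec "$VPNC_SCRIPT"
fi
```

Unlike vpn-slice, this wrapper does not resolve hostnames through the VPN's DNS servers or write /etc/hosts entries; it only takes addresses and prefixes, so anything reachable by name on the far side still has to be listed by IP.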