Losing connection with Unknown DTLS packet

Daniel Lenski dlenski at gmail.com
Tue Nov 29 14:07:58 PST 2016


On Tue, Nov 29, 2016 at 10:27 AM, Stuart Luppescu <slu at ccsr.uchicago.edu> wrote:
> Wow. That's awesome, Dan. Thanks very much. I'll definitely try it.
> Apparently, there is some opposition to split tunneling at the
> University. Here's what I heard from our departmental IT guy:
>
> I know that the default settings on the Cisco VPN client for Windows,
> Mac or Linux, will enforce a policy which blocks this, but I don't know
> whether it works with openconnect. The University does not want people
> relaying through a split connection, so they set that default policy.
>
> We'll see.

Split tunneling with OpenConnect should work fine as long as you can
come up with a list of all the servers or subnets you need to connect
to. The barriers to it are administrative, not technical.

<rant>This is why no one anywhere should ever use closed-source VPN
clients. They hijack your computer and make it do whatever the
administrators think it should do (all in the name of "security"),
rather than what you might actually want it to do.</rant>

Dan



More information about the openconnect-devel mailing list