[PATCH 0/4] [vpnc-script] Support for Pulse's split-exclude routes

Daniel Lenski dlenski at gmail.com
Mon Oct 16 11:54:22 PDT 2017


On Wed, Oct 11, 2017 at 1:39 PM, Gernot Hillier
<gernot.hillier at siemens.com> wrote:
> OpenConnect already sets the according environment variables when the Pulse
> gateway sends "split-exclude" routes, so we only need to handle them
> in vpnc-script.
>
> I hope this is the right place for vpnc-script patches.
>
> While this is basically trivial copy-n-paste code duplication, we need some
> preparation for script's infrastructure as it now needs to handle routes to your
> normal Internet uplink device in addition to your VPN tunnel.
>
> Implemented and tested for "ip-route" as well as old-fashioned /sbin/route mode
> of vpnc-script - so now your dream to have a Pulse VPN connection with
> split-exclude routes on your ancient embedded device can become reality!
>
> Please let me know if you prefer a different patch splitup, removal of untested
> IPv6 code or similar!

I don't have access to a VPN that provides split-exclude routes, but I
did test your patched vpnc-script with less exotic
AnyConnect/Juniper/GlobalProtect IPv4 VPNs that use split-include
routes… and everything seems to work fine. (This is on Linux with
ip-route.)

I can't really ACK *all* of your changes, but they didn't break
anything for me, and I did read them and they all make sense.

-Dan


