[PATCH 0/4] [vpnc-script] Support for Pulse's split-exclude routes

Gernot Hillier gernot.hillier at siemens.com
Tue Oct 17 00:54:24 PDT 2017



On 16.10.2017 at 20:54, Daniel Lenski wrote:
> On Wed, Oct 11, 2017 at 1:39 PM, Gernot Hillier
> <gernot.hillier at siemens.com> wrote:
>> OpenConnect already sets the according environment variables when the Pulse
>> gateway sends "split-exclude" routes, so we only need to handle them
>> in vpnc-script.
>>
>> I hope this is the right place for vpnc-script patches.
>>
>> While this is basically trivial copy-n-paste code duplication, we need some
>> preparation for script's infrastructure as it now needs to handle routes to your
>> normal Internet uplink device in addition to your VPN tunnel.
>>
>> Implemented and tested for "ip-route" as well as old-fashioned /sbin/route mode
>> of vpnc-script - so now your dream to have a Pulse VPN connection with
>> split-exclude routes on your ancient embedded device can become reality!
>>
>> Please let me know if you prefer a different patch splitup, removal of untested
>> IPv6 code or similar!
> 
> I don't have access to a VPN that provides split-exclude routes, but I
> did test your patched vpnc-script with less exotic
> AnyConnect/Juniper/GlobalProtect IPv4 VPNs that use split-include
> routes… and everything seems to work fine. (This is on Linux with
> ip-route.)
>
> I can't really ACK *all* of your changes, but they didn't break
> anything for me, and I did read them and they all make sense.

Unfortunately, I can't give you test access to our VPN - and probably
there are no other VPNs for me to test against. ;-) So thanks for giving
it a try and partially ACKing it (I won't add you as acked-by according
to your comment, right?)!

So how to continue here? Shall we CC David or shall I send a pull
request or just wait for him or someone else to stumble upon it and
review/apply? Sorry, but the patch submission process for the
vpnc-script repo is a bit unclear to me, the webpage only mentions
patches against core code...

-- 
With kind regards,

Gernot Hillier
Siemens AG, Corporate Competence Center Embedded Linux
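
The split-exclude handling described in the quoted cover letter, as an added example that is not part of this thread or of vpnc-script itself: a dry-run helper that turns the `CISCO_SPLIT_EXC*` variables OpenConnect exports into routes via the original uplink, validating each gateway-supplied value first. The function names, the sample values, and the choice to refuse a /0 exclude are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vpnc-script code. Dry run: prints commands, runs none.

# Accept only dotted-quad IPv4 with octets 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Accept only a decimal prefix length 0-32.
valid_masklen() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
    esac
    [ ${#1} -le 2 ] && [ "$1" -le 32 ]
}

# $1 = uplink gateway, $2 = uplink device (as seen before the tunnel came up)
split_exclude_routes() {
    gw=$1 dev=$2 i=0
    case "${CISCO_SPLIT_EXC:-0}" in *[!0-9]*) return 1 ;; esac
    while [ "$i" -lt "${CISCO_SPLIT_EXC:-0}" ]; do
        idx=$i; i=$((i + 1))
        eval "net=\${CISCO_SPLIT_EXC_${idx}_ADDR}"
        eval "len=\${CISCO_SPLIT_EXC_${idx}_MASKLEN}"
        if ! valid_ipv4 "$net" || ! valid_masklen "$len"; then
            echo "# skipped malformed exclude #$idx"; continue
        fi
        if [ "$len" -eq 0 ]; then
            # Policy assumption: a /0 exclude would send all traffic outside the tunnel.
            echo "# refused exclude #$idx (/0)"; continue
        fi
        echo "ip route replace $net/$len via $gw dev $dev"
    done
}

# Constructed sample values (RFC 5737 documentation ranges).
CISCO_SPLIT_EXC=3
CISCO_SPLIT_EXC_0_ADDR=198.51.100.0 CISCO_SPLIT_EXC_0_MASKLEN=24
CISCO_SPLIT_EXC_1_ADDR='203.0.113.0;id' CISCO_SPLIT_EXC_1_MASKLEN=24
CISCO_SPLIT_EXC_2_ADDR=0.0.0.0 CISCO_SPLIT_EXC_2_MASKLEN=0
split_exclude_routes 192.0.2.1 eth0
```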



