vpnc-scripts patch to support split tunneling in windows.

Diego Garcia del Rio garci66 at gmail.com
Tue Jun 23 10:22:22 EDT 2020


Dear list,

Please see the attached patch to add support for split tunneling ipv4
routes on Windows hosts. (This is for the option using
CISCO_SPLIT_EXC, which complements the already supported
CISCO_SPLIT_INC.)

I've been running this patch on my machine for the past few months
without issues. Routes get properly cleaned up when the session is
closed as well.


>From 9e32539246d0399348e50fe155b184d8472e7b3a Mon Sep 17 00:00:00 2001
From: Diego Garcia del Rio <garci66 at gmail.com>
Date: Tue, 31 Mar 2020 17:49:11 -0300
Subject: [PATCH] Add support excluded routes in split-tunnel mode

---
 vpnc-script-win.js | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/vpnc-script-win.js b/vpnc-script-win.js
index 673a28d..423697d 100644
--- a/vpnc-script-win.js
+++ b/vpnc-script-win.js
@@ -188,6 +188,21 @@ case "connect":
  exec("route add 128.0.0.0 mask 128.0.0.0 " + internal_gw);
  }
  }
+ // Add excluded routes
+ if (env("CISCO_SPLIT_EXC")) {
+ // Waiting for the interface to be configured before to add routes
+ if (!waitForInterface()) {
+ echo("Interface does not seem to be up.");
+ }
+
+ for (var i = 0 ; i < parseInt(env("CISCO_SPLIT_EXC")); i++) {
+ var network = env("CISCO_SPLIT_EXC_" + i + "_ADDR");
+ var netmask = env("CISCO_SPLIT_EXC_" + i + "_MASK");
+ var netmasklen = env("CISCO_SPLIT_EXC_" + i + "_MASKLEN");
+ exec("route add " + network + " mask " + netmask +
+ " " + gw);
+ }
+ }
  echo("Route configuration done.");

  if (env("INTERNAL_IP6_ADDRESS")) {
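Review bot: The added loop concatenates `network` and `netmask` into the `route add` command string unchecked, although both come from the gateway-supplied `CISCO_SPLIT_EXC_<i>_ADDR` and `_MASK` variables; the `route delete` loop in the disconnect hunk does the same. If `exec` hands the string to a command interpreter (its definition is outside this hunk), a value containing shell metacharacters would be interpreted rather than treated as an argument. I would check both values against a dotted-quad pattern first, e.g. `var ipv4 = /^\d{1,3}(\.\d{1,3}){3}$/;` followed by `if (!ipv4.test(network) || !ipv4.test(netmask)) continue;`. Separately, a failed `waitForInterface()` only echoes a message and the routes are still added, and `netmasklen` is assigned but never used. The enclosing `case "connect":` block starts and ends outside the hunk.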
@@ -269,6 +284,17 @@ case "disconnect":
  exec("route delete " + network);
  }
  }
+
+ // Take Down IPv4 Split Tunnel Excluded Network Routes
+ if (env("CISCO_SPLIT_EXC")) {
+ echo("Removing IPv4 Split Tunnel Excluded Network Routes:");
+ for (var i = 0 ; i < parseInt(env("CISCO_SPLIT_EXC")); i++) {
+ var network = env("CISCO_SPLIT_EXC_" + i + "_ADDR");
+ var netmask = env("CISCO_SPLIT_EXC_" + i + "_MASK");
+ var netmasklen = env("CISCO_SPLIT_EXC_" + i + "_MASKLEN");
+ exec("route delete " + network + " mask " + netmask );
+ }
+ }
 }

 if (env("LOG2FILE")) {
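Review bot: The added `route delete <network> mask <netmask>` omits the gateway, so it removes any route matching that destination and mask, including one that existed before the VPN session and was not added by this script. Windows `route delete` accepts a trailing gateway; if the gateway used at connect time (`gw` in the connect hunk) is still in scope here, which cannot be seen from this hunk, I would write `exec("route delete " + network + " mask " + netmask + " " + gw);`. The loop bound could also be parsed once with an explicit radix, `var count = parseInt(env("CISCO_SPLIT_EXC"), 10);`, in both loops. The `case "disconnect":` block starts outside this hunk.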


Signed-off-by: Diego Garcia del Rio <garci66 at gmail.com>

I had submitted this as a PR in the github repository without
realising it seems to be a "read-only" mirror.

Best Regards,


