Client issue with no-route and non-routable networks

Laz C. Peterson laz at paravis.net
Wed May 17 09:00:47 PDT 2023


Hello All —

We have some users that are working with the Cisco AnyConnect client, instead of the OpenConnect client.  Our goal is to provide the default route via ocserv, but not to route any private networks.  That would include 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 127.0.0.0/8, 224.0.0.0/4, 169.254.0.0/16.

We’ve added the no-route directive for these networks, and everything is shown in the client except for 10.0.0.0/8.  I’m not sure if this is an issue with AnyConnect or with ocserv.

Oddly enough, it also adds 224.0.0.0/4 to the routing table (both with OC and AnyConnect) with lower metrics than the physical interface.

Has anyone successfully set up ocserv to allow for all public WAN traffic to route over AnyConnect client (as well as OC) while keeping *all* local LAN traffic on the local network?

Thanks for any insight.

~Laz Peterson
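A way to verify the outcome the post is after, added here as an example and not part of the original message or of ocserv itself: parse an `ip route show` dump from the client and, for each network that is supposed to stay local, compute the interface the kernel would actually pick (longest prefix first, lowest metric on ties). The route dump below is constructed to reproduce the two symptoms described above (no route exclusion for 10.0.0.0/8, and 224.0.0.0/4 on the tunnel with a lower metric than the LAN copy); the interface names tun0/eth0 and the addresses are assumptions.

```python
import ipaddress

# Constructed sample of `ip route show` output on a client after connecting.
# It mirrors the symptom in the post: the no-route for 10.0.0.0/8 never arrived,
# and 224.0.0.0/4 was installed on the tunnel with a lower metric than the LAN copy.
# The 127.0.0.0/8 line stands in for the kernel's local-table entry (constructed).
SAMPLE_ROUTES = """\
default via 10.200.0.1 dev tun0 metric 50
default via 192.168.1.1 dev eth0 metric 100
127.0.0.0/8 dev lo scope host
169.254.0.0/16 dev eth0 scope link metric 1000
172.16.0.0/12 via 192.168.1.1 dev eth0 metric 100
192.168.0.0/16 via 192.168.1.1 dev eth0 metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.23
224.0.0.0/4 dev tun0 metric 50
224.0.0.0/4 dev eth0 metric 100
"""

# The networks the post wants kept off the tunnel.
PRIVATE_NETS = ["10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12",
                "127.0.0.0/8", "224.0.0.0/4", "169.254.0.0/16"]


def parse_routes(text):
    """Parse `ip route` lines into (destination, device, metric) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        dst = (ipaddress.ip_network("0.0.0.0/0") if parts[0] == "default"
               else ipaddress.ip_network(parts[0], strict=False))
        dev = parts[parts.index("dev") + 1] if "dev" in parts else None
        # Routes without an explicit metric are treated as metric 0, as the kernel does.
        metric = int(parts[parts.index("metric") + 1]) if "metric" in parts else 0
        routes.append((dst, dev, metric))
    return routes


def best_route(routes, addr):
    """Longest-prefix match; the lowest metric wins among equal-length prefixes."""
    addr = ipaddress.ip_address(addr)
    matches = [r for r in routes if addr in r[0]]
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))


def egress_by_network(text, nets):
    """Map each network to the interface its first host address would leave on."""
    routes = parse_routes(text)
    result = {}
    for n in nets:
        net = ipaddress.ip_network(n)
        probe = net.network_address + 1  # first usable address in the range
        result[n] = best_route(routes, probe)[1]
    return result


def leaking_networks(text, nets, tunnel_dev="tun0"):
    """Networks that would be sent into the tunnel although they should stay local."""
    egress = egress_by_network(text, nets)
    return sorted(n for n, dev in egress.items() if dev == tunnel_dev)


if __name__ == "__main__":
    for net, dev in egress_by_network(SAMPLE_ROUTES, PRIVATE_NETS).items():
        print(f"{net:16} -> {dev}")
    print("into tunnel:", leaking_networks(SAMPLE_ROUTES, PRIVATE_NETS))
```

On the constructed dump the check reports 10.0.0.0/8 and 224.0.0.0/4 as going into the tunnel while the other four stay on eth0 or lo, which is exactly the pair of symptoms in the post. Run against a real `ip route show` capture, an empty result is the condition the post is trying to reach; a non-empty one tells you which exclusion the server did not push or which route the client installed with a better metric than the LAN.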
