Routing setup with --script-tun

David Woodhouse dwmw2 at
Sun Dec 2 16:44:06 EST 2012

On Sun, 2012-12-02 at 11:35 -0800, Kevin Cernekee wrote:
> All of this assumes that the user will not try to send local (non-VPN)
> traffic through the proxy.

Given that assumption, it's fairly sane — with the potential exception
of $CISCO_PROXY_PAC... but if you're doing a SOCKS proxy, and not an
HTTP proxy, then it's not clear what you would do with that anyway.

I could contrive a scenario in which your assumption isn't valid — for
example if you want stuff to 'just work' regardless of whether you're
contacting a machine inside or outside the VPN, and don't want to have
to manually enable/disable SOCKS support. A user might want to just
configure their software to use SOCKS for everything, and have it the
SOCKS proxy do the right thing.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6171 bytes
Desc: not available
URL: <>

More information about the openconnect-devel mailing list