Routing setup with --script-tun

David Edmondson dme at
Mon Dec 3 05:17:27 EST 2012

On 2 Dec 2012, at 21:44, David Woodhouse <dwmw2 at> wrote:
> I could contrive a scenario in which your assumption isn't valid — for
> example if you want stuff to 'just work' regardless of whether you're
> contacting a machine inside or outside the VPN, and don't want to have
> to manually enable/disable SOCKS support. A user might want to just
> configure their software to use SOCKS for everything, and have it the
> SOCKS proxy do the right thing.

This would imply that the SOCKS server is running when the VPN is down. That's not the case with ocproxy. One could chain a normal SOCKS proxy in front of ocproxy, of course, but then the configuration that you describe would be part of that proxy rather than ocproxy.

More information about the openconnect-devel mailing list