split-tunnel for subnets?

Robert badbob at gmail.com
Mon Feb 16 14:46:55 PST 2015


I've just started to use openconnect, but is it possible to configure
split-tunneling to only pass certain subnets over the vpn and have the
rest go over the local network? I've seen examples where single ip's
are specified, but not whole subnets. For example, to achieve this in
my ipsec vpn client, I would only have 'include' rules in the policy.

Also, I'm using the windows version of openconnect (via
openconnect-gui). Interestingly enough, openconnect appears to be
configured by default to not pass traffic to the local subnet over the
vpn. Is that something configured in vpnc-script-win.js?

Thanks,
Robert



More information about the openconnect-devel mailing list