VPN on VPN
David Woodhouse
dwmw2 at infradead.org
Thu Sep 15 12:26:27 PDT 2016
On Thu, 2016-09-15 at 12:26 -0400, Jeremy Slater wrote:
> I noticed that with the standard vpnc scripts, connecting to a VPN
> (VPN B) that is only available via another VPN (VPN A) causes a loss
> of connectivity to VPN B. This is because the route to the IP
> address
> for VPN B is hard fixed to the system default gw, which is not (or at
> least not always) routed through VPN A.
>
> A simple fix seems to be to simply look up the route (route get on
> OSX, ip route get on Linux I think) and add the host to that route
> instead. Is there a reason we don't do this? I can submit a patch
> if this sounds sane.
What platform are you on? We *do* use 'ip route get' on Linux:
set_vpngateway_route() {
$IPROUTE route add `$IPROUTE route get "$VPNGATEWAY" | fix_ip_get_output`
$IPROUTE route flush cache
}
If you want to make that work for OSX too, that would be great...
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160915/fe9a6c97/attachment.bin>
More information about the openconnect-devel
mailing list