Hi, we just stumbled about a weird bug in OpenConnect in conjunction with the vpnc-script from http://git.infradead.org/users/dwmw2/vpnc-scripts.git. Possibly caused by a misconfiguration on our side, but I think it could be solved pretty easily in vpnc-script Our ASA is at the IP address x.x.254.40. It returns X-CSTP-Address: x.x.48.207 X-CSTP-Netmask: 255.255.0.0 i.e. a wrong netmask. What happens now is do_connect() in vpnc-script invokes do_ifconfig(), which configures a route to x.x.48.207/255.255.0.0 = x.x.0.0/16 to the tun interface. After that do_connect() invokes set_vpngateway_route(), which retrieves the route for x.x.254.40 (at this moment already pointing to tun0) and sets a hostroute. And we have a very pretty endless recursion. Proposed solution: reorder do_ifconfig() and set_vpngateway_route(), since setting the hostroute to the gateway should always operate on the previous routingtable. Very basic git patch attached. Best Regards, Bernhard -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Fix-setting-route-to-gateway-with-wrong-netmask.patch Type: text/x-patch Size: 746 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20100122/380e9624/attachment.bin>
