On Tue, Apr 23, 2013 at 1:53 PM, Robert James <srobertjames at gmail.com> wrote:
> I would like to set up openconnect in a secondary way. That is, it should:
> * Only use the tun device for the specific nets on the VPN, but keep
> my default device and route for all other IPs
> * Not change any DNS settings
>
> In other words: add a route for the specific networks that are
> internal to the VPN, but make no other changes.

I would look at overriding set_default_route(), reset_default_route(),
MODIFYRESOLVCONF, and RESTORERESOLVCONF in vpnc-script. See also:

http://www.infradead.org/openconnect/vpnc-script.html

Another approach is to run ocproxy, which avoids using a tun device
entirely and "hides" the VPN behind a SOCKS proxy daemon. One advantage
of ocproxy is that DNS for VPN hosts would still work; a disadvantage is
that not all services work well over a SOCKS proxy.
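
A wrapper-script variant of the vpnc-script approach discussed above, as an added example that is not part of the original post or of vpnc-script: rather than editing the functions, it hands vpnc-script a list of split-include networks and withholds the DNS variables. Assumptions: the script path and sample networks are placeholders, and the installed vpnc-script skips the default route when CISCO_SPLIT_INC is set and leaves resolv.conf alone when no DNS servers are passed.

```shell
#!/bin/sh
# Added example: split-tunnel wrapper around vpnc-script (not from the original post).
# Use: openconnect --script /path/to/this-wrapper <server>
VPNC_SCRIPT="${VPNC_SCRIPT:-/etc/vpnc/vpnc-script}"   # assumed install path
VPN_NETS="${VPN_NETS:-10.0.0.0/8 192.168.50.0/24}"    # constructed sample networks

# Convert a prefix length (0-32) to a dotted netmask, e.g. 24 -> 255.255.255.0
prefix_to_mask() {
    bits=$1 mask=""
    for n in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then octet=255; bits=$((bits - 8))
        else octet=$((256 - (1 << (8 - bits)))); bits=0; fi
        mask="${mask:+$mask.}$octet"
    done
    echo "$mask"
}

# Export the CISCO_SPLIT_INC_* variables vpnc-script reads for per-network routes.
set_split_env() {
    i=0
    for net in $1; do
        addr=${net%/*} len=${net#*/}
        case "$len" in ''|*[!0-9]*) echo "bad prefix: $net" >&2; return 1 ;; esac
        if [ "$len" -lt 1 ] || [ "$len" -gt 32 ]; then
            # A /0 entry would send all traffic into the tunnel, defeating the split.
            echo "refusing $net" >&2; return 1
        fi
        export "CISCO_SPLIT_INC_${i}_ADDR=$addr"
        export "CISCO_SPLIT_INC_${i}_MASK=$(prefix_to_mask "$len")"
        export "CISCO_SPLIT_INC_${i}_MASKLEN=$len"
        i=$((i + 1))
    done
    export CISCO_SPLIT_INC="$i"
    # With no DNS servers or search domain passed on, resolv.conf is left untouched.
    unset INTERNAL_IP4_DNS INTERNAL_IP6_DNS CISCO_DEF_DOMAIN
}

# openconnect sets $reason when it calls the script; without it, only define functions.
if [ -n "${reason:-}" ]; then
    set_split_env "$VPN_NETS" || exit 1
    exec "$VPNC_SCRIPT"
fi
```

After connecting, `ip route` should show only the listed networks on the tun device, with the default route and /etc/resolv.conf unchanged.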