On Tue, 2013-02-19 at 09:50 +0000, shouldbe q931 wrote: > > I know that I could set the default route manually, but wondered if I > misconfigured something, or had hit a bug. > > I've gone back through the mailing list archives to July 2012, but > couldn't see anything that might reference this. The behaviour of vpnc-script goes something like this: If there are 'split include' routes listed, set those routes only. Else, set the default route (ignoring 'split exclude'). The fact that it ignores 'split excludes' is a bug, but nobody's ever cared because fairly much nobody ever uses them AFAICT. Your routing *does* have split includes... but only for Legacy IP. I suppose we're supposed to route those Legacy IP ranges *and* the default IPv6 route through the VPN? Looking at the current version of the vpnc-script, it looks like it *ought* to get this right. Since $CISCO_IPV6_SPLIT_INC isn't (well, shouldn't be) set, it should set the default route. Firstly, can you check that your vpnc-script is up to date. Download the latest version which is linked from http://www.infradead.org/openconnect/vpnc-script.html and try using that (make it executable and use the --vpnc-script argument). -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 6171 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20130312/171a32d2/attachment.bin>
