On Tue, Mar 12, 2013 at 2:37 PM, David Woodhouse <dwmw2 at infradead.org> wrote: > On Tue, 2013-02-19 at 09:50 +0000, shouldbe q931 wrote: >> >> I know that I could set the default route manually, but wondered if I >> misconfigured something, or had hit a bug. >> >> I've gone back through the mailing list archives to July 2012, but >> couldn't see anything that might reference this. > > The behaviour of vpnc-script goes something like this: > > If there are 'split include' routes listed, set those routes only. > Else, set the default route (ignoring 'split exclude'). > > The fact that it ignores 'split excludes' is a bug, but nobody's ever > cared because fairly much nobody ever uses them AFAICT. > > Your routing *does* have split includes... but only for Legacy IP. I > suppose we're supposed to route those Legacy IP ranges *and* the default > IPv6 route through the VPN? > > Looking at the current version of the vpnc-script, it looks like it > *ought* to get this right. Since $CISCO_IPV6_SPLIT_INC isn't (well, > shouldn't be) set, it should set the default route. > > Firstly, can you check that your vpnc-script is up to date. Download the > latest version which is linked from > http://www.infradead.org/openconnect/vpnc-script.html and try using that > (make it executable and use the --vpnc-script argument). > > -- > dwmw2 Yes, the split include is for IPv4, and but IPv6 should be for all traffic. If it would be useful, I can also test removing the split include. I am not using (and have never seen used) split exclude. The vpnc-script changelog on ubuntu lists the below as the most recent change --------------------------------------- vpnc-scripts (0.1~git20120602-2) unstable; urgency=low * Add Vcs-* fields for the collab-maint git repository. * Move iproute from Depends to Recommends, vpnc-script can work around it if not available. -- Mike Miller <mtmiller at ieee.org> Wed, 06 Jun 2012 06:58:46 -0400 --------------------------------------- I renamed the version from the repo, and copied the one from infradead into usr/share/vpnc-scripts/vpnc-script I'll test this evening when I'm "outside" the network. Cheers Arne
