On Mon, Jan 27, 2014 at 9:37 PM, Thomas Glanzmann <thomas at glanzmann.de> wrote:
> Hello Tony,
>
>> Thanks for providing the version. Just a side note, do you have
>> experience setting the server as the default gateway (i.e., all
>> traffic goes through the server) using ocserv? I tried to set the
>> route as 0.0.0.0/0.0.0.0 however the iOS client did not forward all
>> its traffic through the server.
>
> I have the same problem. AnyConnect has two modes: Split Route, that
> means that only some routes will be provided over the VPN and others
> will go directly and Full Mode where the default route goes over the
> VPN. ocserv currently announces to anyconnect the split mode. The
> problem is that with the split mode you can not push the default route
> or at least not in an obvious way. Pushing other routes works. I have a
> Cisco ASA which I have configured for both modes (split and full) but
> the Cisco ASA is currently offline and I'm 3000 kms away on a business
> trip. As soon as I'm back on Sunday I want to take it back online and
> find out how the full route is announced and then let the list know.

To set ocserv as the default gateway, I just commented out the "route = "
lines in the config file. This stops it from sending the
"X-CSTP-Split-Include:" headers. This seems to be equivalent to
"split-tunnel-policy tunnelall" on an ASA.
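
A small check for the behaviour described in the last message, added here as an example and not part of the thread or of ocserv's own code: it reads an ocserv config and reports whether any uncommented "route = " lines remain, which per the message is what causes "X-CSTP-Split-Include:" headers to be sent. The sample configs, the function names and the header value format (the route exactly as written in the config) are assumptions.

```python
import re

# Constructed sample configs (not taken from the thread).
SPLIT_CONF = """\
ipv4-network = 192.168.1.0
ipv4-netmask = 255.255.255.0
route = 192.168.1.0/255.255.255.0
route = 10.10.0.0/255.255.0.0   # second internal network
"""

FULL_CONF = """\
ipv4-network = 192.168.1.0
ipv4-netmask = 255.255.255.0
#route = 192.168.1.0/255.255.255.0
  # route = 10.10.0.0/255.255.0.0
"""

# Anchored at line start, so commented-out lines ("#route = ...") and
# other keys that merely end in "route" do not match.
ROUTE_RE = re.compile(r"^\s*route\s*=\s*(\S+)")


def active_routes(conf_text):
    """Return the values of uncommented 'route = ' lines, in file order."""
    routes = []
    for line in conf_text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            routes.append(m.group(1))
    return routes


def tunnel_mode(conf_text):
    """Model of the behaviour described in the message: any active route
    yields split-include headers (split tunnel); none means the client is
    left to send all traffic through the VPN (full tunnel)."""
    routes = active_routes(conf_text)
    # Assumption: header value is the route string as written in the config.
    headers = ["X-CSTP-Split-Include: " + r for r in routes]
    return ("split" if routes else "full"), headers


if __name__ == "__main__":
    for name, conf in (("split sample", SPLIT_CONF), ("full sample", FULL_CONF)):
        mode, headers = tunnel_mode(conf)
        print(name, "->", mode)
        for h in headers:
            print("   ", h)
```

Running it against a deployed config before and after editing shows whether a stray "route = " line is still turning a full-tunnel setup into a split-tunnel one.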