Hello, Recently, we switched to a new juniper server with new settings and ran into an issue. I don't know which setting(s) are different as this box is not my responsibility. While I was able to connect and authenticate with the juniper server 100% of the time, I was unable to do anything else 95% of the time. tun0 was up, and it certainly seemed like I was connected, but I couldn't reach anything. I found that the juniper VPN still worked 100% of the time on both a Debian server and a FreeBSD server that I have, but not any of my desktop linux systems... I was finally able to determine that the difference was in the routing table. Adding that route manually caused the VPN to finally work for me again. The missing route in question: Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0 By putting debugging statements into the vpnc-script, I finally determined that the route was being added, and then was almost always being removed almost immediately after the route was added. I determined that no code in the vpnc-script was responsible for removing the route. I finally took a guess that maybe it was network-manager. I stopped the network-manager service, and my routing table was correct every time I connected to the juniper VPN. However, leaving network-manager off for me was not really a solution. As a superior workaround, I created a post connect hook '/etc/vpnc/post-connect.d/replace' with the following contents: /sbin/ip route replace default dev tun0 (don't forget to chmod +x this script). I don't think anything can be done for openconnect to address this issue as it seems to be on the network-manager side, but I thought I'd share this in case anyone else runs into this. I also suspect that this isn't specific to openconnect's juniper functionality. Thanks! -Cameron
