I've just started to use openconnect, but is it possible to configure split-tunneling to only pass certain subnets over the vpn and have the rest go over the local network? I've seen examples where single ip's are specified, but not whole subnets. For example, to achieve this in my ipsec vpn client, I would only have 'include' rules in the policy. Also, I'm using the windows version of openconnect (via openconnect-gui). Interestingly enough, openconnect appears to be configured by default to not pass traffic to the local subnet over the vpn. Is that something configured in vpnc-script-win.js? Thanks, Robert
