On Tue, Nov 29, 2016 at 10:27 AM, Stuart Luppescu <slu at ccsr.uchicago.edu> wrote: > Wow. That's awesome, Dan. Thanks very much. I'll definitely try it. > Apparently, there is some opposition to split tunneling at the > University. Here's what I heard from our departmental IT guy: > > I know that the default settings on the Cisco VPN client for Windows, > Mac or Linux, will enforce a policy which blocks this, but I don't know > whether it works with openconnect. The University does not want people > relaying through a split connection, so they set that default policy. > > We'll see. Split tunneling with OpenConnect should work fine as long as you can come up with a list of all the servers or subnets you need to connect to. The barriers to it are administrative, not technical. <rant>This is why no one anywhere should ever use closed-source VPN clients. They hijack your computer and make it do whatever the administrators think it should do (all in the name of "security"), rather than what you might actually want it to do.</rant> Dan
