On Wed, Oct 11, 2017 at 1:39 PM, Gernot Hillier <gernot.hillier at siemens.com> wrote:
> OpenConnect already sets the according environment variables when the Pulse
> gateway sends "split-exclude" routes, so we only need to handle them
> in vpnc-script.
>
> I hope this is the right place for vpnc-script patches.
>
> While this is basically trivial copy-n-paste code duplication, we need some
> preparation for script's infrastructure as it now needs to handle routes to your
> normal Internet uplink device in addition to your VPN tunnel.
>
> Implemented and tested for "ip-route" as well as old-fashioned /sbin/route mode
> of vpnc-script - so now your dream to have a Pulse VPN connection with
> split-exclude routes on your ancient embedded device can become reality!
>
> Please let me know if you prefer a different patch splitup, removal of untested
> IPv6 code or similar!

I don't have access to a VPN that provides split-exclude routes, but I
did test your patched vpnc-script with less exotic
AnyConnect/Juniper/GlobalProtect IPv4 VPNs that use split-include
routes, and everything seems to work fine. (This is on Linux with
ip-route.)

I can't really ACK *all* of your changes, but they didn't break
anything for me, and I did read them and they all make sense.

-Dan