Am 16.10.2017 um 20:54 schrieb Daniel Lenski: > On Wed, Oct 11, 2017 at 1:39 PM, Gernot Hillier > <gernot.hillier at siemens.com> wrote: >> OpenConnect already sets the according environment variables when the Pulse >> gateway sends "split-exclude" routes, so we only need to handle them >> in vpnc-script. >> >> I hope this is the right place for vpnc-script patches. >> >> While this is basically trivial copy-n-paste code duplication, we need some >> preparation for script's infrastructure as it now needs to handle routes to your >> normal Internet uplink device in addition to your VPN tunnel. >> >> Implemented and tested for "ip-route" as well as old-fashioned /sbin/route mode >> of vpnc-script - so now your dream to have a Pulse VPN connection with >> split-exclude routes on your ancient embedded device can become reality! >> >> Please let me know if you prefer a different patch splitup, removal of untested >> IPv6 code or similar! > > I don't have access to a VPN that provides split-exclude routes, but I > did test your patched vpnc-script with less exotic > AnyConnect/Juniper/GlobalProtect IPv4 VPNs that use split-include > routes? and everything seems to work fine. (This is on Linux with > ip-route.) > > I can't really ACK *all* of your changes, but they didn't break > anything for me, and I did read them and they all make sense. Unfortunately, I can't give you test access to our VPN - and probably there are no other VPNs for me to test against. ;-) So thanks for giving it a try and partially ACKing it (I won't add you as acked-by according to your comment, right?)! So how to continue here? Shall we CC David or shall I send a pull request or just wait for him or someone else to stumble upon it and review/apply? Sorry, but the patch submission process for the vpnc-script repo is a bit unclear to me, the webpage only mentions patches against core code... -- With kind regards, Gernot Hillier Siemens AG, Corporate Competence Center Embedded Linux
