Am 17.10.2017 um 10:07 schrieb David Woodhouse:
> On Wed, 2017-10-11 at 22:40 +0200, Gernot Hillier wrote:
>>
>> +???????get_uplink_gw() {
>> +???????????????# If we have a specific route to VPNGATEWAY, then this is our
>> +???????????????# Internet uplink (VPN tunnel active). If tunnel is not active,
>> +???????????????# then the default route should be our uplink.
>> +???????????????uplink_route=`netstat -r -n | grep "^$VPNGATEWAY"`
>> +???????????????if [ -n "$uplink_route" ]; then
>> +???????????????????????echo "$uplink_route" | awk '{ print $2; }'
>> +???????????????else
>> +???????????????????????get_default_gw
>> +???????????????fi
>
> That isn't strictly true. I've certainly seen reports from German
> universities where they have some weird wifi setup with a VPN server on
> the *local* network, not accessible via the default route. I thought we
> fixed that... but maybe we did so only for the iproute2 case, where 'ip
> route get' works more sanely?
Well, now it gets weird.
We need this for setting up split-exclude routes which are intended to
tell your client to connect to a limited number of targets directly, not
over the VPN tunnel (in our case, they want to force people to be
connected to company's Intranet completely, but use the exclude-rules
for time-critical stuff like WebRTC).
So, for the case you describe my code should probably do the right thing
as the targets for split-exclude rules are likely not in your local
university network. Probably.
But, generally spoken, the helper function might get things wrong. Hmmmm.
--
Gernot
