OpenConnect already sets the according environment variables when the Pulse gateway sends "split-exclude" routes, so we only need to handle them in vpnc-script. Sorry for the delay in sending v3. We hopefully get an official Siemens approval for OpenConnect on Linux clients soon, so it would be great if you could apply patch no. 1 which is mandatory for us. Feel free to ignore or apply patches 2 and 3 if considered useful. Patch history: Original series (submitted 2017-10-11): - assumed split-exclude targets and VPN gateway are reachable via the same uplink v2 (submitted 2017-10-30): - re-use current routing information for the "ip route" case for split-exclude routes, only guess about correct uplink for /sbin/route case - patches are now independent of each other, but I chose to leave them in the same series for better comparability. - throw away untested IPv6 code v3: - re-add IPv6 support - re-order patches to ease application of patch no. 1 only Original patches were tested successfully on Linux and FreeBSD and "partially-acked" by dlenski at gmail.com. v3 is successfully tested on Linux using "ip route" and /sbin/route mode. Unfortunately, our (scarce) BSD users had no chance to test v3 so far and I didn't want to further delay patch submission. Gernot Hillier (3): Support split-exclude rules from Pulse gateway Revive route cleanup for /sbin/route code Support routes with different devs and gateways vpnc-script | 193 ++++++++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 169 insertions(+), 24 deletions(-) -- 2.13.6
