On Fri, Jun 22, 2018 at 11:24 PM, Jeroen Balduyck <jeroen.balduyck at gmail.com> wrote:
> Hi Daniel
>
> disclaimer: I'm a network engineer but with weak Linux knowledge. I'm
> trying to change that though.

I'm definitely *not* a network engineer, just a Linux user/coder. You probably want to read up on iptables, which can do much of what you're looking for.

> It took me a moment to realise but your script is meant to send traffic
> over the VPN based on destination IP addresses. I want to send traffic
> over the VPN based on source addresses.
> I think PBR is, as far as I know, the only way to do this apart from
> routed VPN-protocols. Something else that is "missing" in the default
> vpnc-script is the ability to set a metric per tunnel interface.
> But I'm looking to adapt the script to allow this. Or did I give you
> some ideas for feature requests :-)

So you want to run multiple openconnect instances on a router-ish middlebox, and then forward their traffic to one VPN or another based on the source address? This is definitely something that iptables forwarding rules could do?

While vpn-slice certainly isn't set up in any way to do this right now, it's well within the realm of possibility to modify it, or to write a similar vpnc-script replacement to handle it.

Dan