On Fri, Jul 1, 2022 at 6:55 PM Sam <sam.shab...@samic.org> wrote:
> I use the vpnc-script from
> https://gitlab.com/openconnect/vpnc-scripts/raw/master/vpnc-script like
> this:
> sudo openconnect vpn.thecompany.com
> --script=/usr/share/vpnc-scripts/vpnc-script

Cisco AnyConnect protocol, right?

> The only way that I can make it work is to do this manually:
>
> sudo ip route del default via 192.168.0.1
> sudo ip route add default via 10.100.220.210

Hmmm… you're DELETING the default route through your Ethernet interface enp4s0, and creating a new default route through the tunnel interface. That's not really necessary: you should be able to simply do `sudo ip route add default dev tun0` *without* deleting the default route through the Ethernet interface.

> But then the problem is if the VPN disconnects, I have to restart the
> computer to get the network back!

Why can't you simply recreate the default route through the Ethernet interface, or otherwise fix up the routing table?

> But network routing doesn't work!

It appears the fundamental issue here is that *you* want a default route via the VPN (that is, you want ALL of your IPv4 traffic to go through the VPN), but the VPN server gives you only a specific set of routes to include (known as "split-include" routes). OpenConnect + vpnc-script are, as far as I can tell, doing exactly what the VPN server is asking them to do.

What happens if you connect to this VPN using an official Cisco client? Does it get assigned a default route, or does it only get assigned these specific split-include routes?

Dan
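The split-include versus default-route distinction discussed in the message above can be checked directly from the routing table. The script below is an added example, not part of the original e-mail or of vpnc-script: it classifies `ip -4 route show` output as full-tunnel, split-tunnel or no tunnel. The function names and both sample tables are constructed for illustration; the interface names and the 192.168.0.1 gateway follow the thread.

```shell
#!/bin/sh
# Added example: decide from `ip -4 route show` output whether a VPN
# interface carries the default route (full tunnel) or only specific
# prefixes (split-include). Function names are hypothetical.

# Print the device of the default route with the lowest metric.
# A route printed without "metric" has metric 0.
default_dev() {
    awk '$1 == "default" {
        dev = ""; metric = 0
        for (i = 2; i < NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1) + 0
        }
        if (!found || metric < bestmetric) { found = 1; best = dev; bestmetric = metric }
    }
    END { if (found) print best }'
}

# Print every non-default destination routed through device $1.
tunnel_prefixes() {
    awk -v tun="$1" '$1 != "default" {
        for (i = 2; i < NF; i++)
            if ($i == "dev" && $(i + 1) == tun) { print $1; break }
    }'
}

# tunnel_mode TABLE DEV -> prints full, split or none.
tunnel_mode() {
    table=$1 tun=$2
    if [ "$(printf '%s\n' "$table" | default_dev)" = "$tun" ]; then
        echo full
    elif [ -n "$(printf '%s\n' "$table" | tunnel_prefixes "$tun")" ]; then
        echo split
    else
        echo none
    fi
}

# Constructed sample tables (not captured from the poster's machine).
SPLIT_TABLE='default via 192.168.0.1 dev enp4s0 proto dhcp metric 100
10.100.0.0/16 dev tun0 scope link
172.16.50.0/24 dev tun0 scope link
192.168.0.0/24 dev enp4s0 proto kernel scope link src 192.168.0.17 metric 100'
FULL_TABLE='default dev tun0 scope link
default via 192.168.0.1 dev enp4s0 proto dhcp metric 100
192.168.0.0/24 dev enp4s0 proto kernel scope link src 192.168.0.17 metric 100'

# On a live system: tunnel_mode "$(ip -4 route show)" tun0
tunnel_mode "$SPLIT_TABLE" tun0
tunnel_mode "$FULL_TABLE" tun0
```

In the second sample table both default routes coexist, and the one on tun0 is selected because it has the lower metric.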