Re: Split Tunneling based on domain name possible?

2023-06-06 Thread David Woodhouse
On Tue, 2023-06-06 at 10:09 +0200, Michael Herzhauser wrote:
> Hello,
> 
> I've set up Ocserv in my corporate network with split tunneling and
> it's working well so far.
> However some of my colleagues in home office need to connect to some
> cloud servers of our customers, which implement IP whitelisting to our
> company's public IP.
> Due to split tunneling, requests to these cloud servers are not routed
> via VPN but the normal internet connection and the connection gets
> blocked.
> 
> Therefore I'd like to add a route based on the domain name of these
> servers (public IPs of these servers are dynamically assigned and
> change frequently), but didn't find any information about that. All
> the examples in the config file only use IP addresses.
> 
> Is it even possible? And if so, any info on syntax (e.g. wildcards for
> subdomains) would be great to have.
> Otherwise I'd have to convert to "tunnel all", which I'm trying to avoid.

I think we did have something like this implemented on the client side
in ConnMan once. It would monitor the DNS lookups and automatically add
routes to the target IP address.

Probably easier to do it with a proxy PAC file though, and set the
relevant domains to use a proxy within your corporate network.




___
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
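
The proxy PAC approach suggested in the reply above, as an added example that is not part of the original thread or of any project's code. The proxy address and customer domains are hypothetical placeholders, and the proxy is assumed to sit on an address the split tunnel already routes over the VPN.

```javascript
// Added example PAC file. All host names below are hypothetical placeholders.
// Written in ES5 only, since some PAC engines do not support newer syntax.

// Proxy inside the corporate network (assumed name and port); its address
// must fall inside a route that the split tunnel sends over the VPN.
var CORP_PROXY = "PROXY proxy.corp.example:3128";

// Customer domains whose servers only accept the company's public IP.
// A leading dot means "this domain and every subdomain".
var VIA_CORP = [
  ".customer-cloud.example",
  "portal.other-customer.example"
];

// Lower-case the host and drop a trailing root dot so that
// "Portal.Other-Customer.example." matches like the plain form.
function normalizeHost(host) {
  host = String(host).toLowerCase();
  if (host.charAt(host.length - 1) === ".") {
    host = host.slice(0, -1);
  }
  return host;
}

// Match on label boundaries: ".customer-cloud.example" covers
// "api.customer-cloud.example" and "customer-cloud.example" itself,
// but not the look-alike "notcustomer-cloud.example".
function hostMatches(host, pattern) {
  if (pattern.charAt(0) !== ".") {
    return host === pattern;
  }
  return host === pattern.slice(1) ||
         host.slice(-pattern.length) === pattern;
}

// Entry point the browser or OS calls for every request.
function FindProxyForURL(url, host) {
  host = normalizeHost(host);
  for (var i = 0; i < VIA_CORP.length; i++) {
    if (hostMatches(host, VIA_CORP[i])) {
      // No "; DIRECT" fallback: a direct attempt would come from the
      // home IP and be rejected by the customer's allowlist anyway.
      return CORP_PROXY;
    }
  }
  return "DIRECT";
}
```

Because the proxy resolves the customer host name itself, the changing public IPs never need to appear in the VPN route list.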


Split Tunneling based on domain name possible?

2023-06-06 Thread Michael Herzhauser
Hello,

I've set up Ocserv in my corporate network with split tunneling and
it's working well so far.
However some of my colleagues in home office need to connect to some
cloud servers of our customers, which implement IP whitelisting to our
company's public IP.
Due to split tunneling, requests to these cloud servers are not routed
via VPN but the normal internet connection and the connection gets
blocked.

Therefore I'd like to add a route based on the domain name of these
servers (public IPs of these servers are dynamically assigned and
change frequently), but didn't find any information about that. All
the examples in the config file only use IP addresses.

Is it even possible? And if so, any info on syntax (e.g. wildcards for
subdomains) would be great to have.
Otherwise I'd have to convert to "tunnel all", which I'm trying to avoid.

Thanks in advance
Michael Herzhauser

