OpenConnect: Setting default routes

I'm trying to use OpenConnect to connect to my company's Cisco VPN (AnyConnect).

The connection seems to work just fine; what I'm not understanding is how to set up routing. I'm doing this from the command line.

I use the default VPN script to connect like this:

    openconnect -u MyUserName --script path_to_vpnc_script myvpngateway.example.com

I type in my password, and I'm connected fine, but my default route has changed to force all traffic down the VPN link, whereas I just want company traffic down the VPN link.

Are there some variables that I need to be putting into the vpnc-script? It's not very clear how this is done.

routing openconnect
edited Aug 5 '15 at 22:33 – Gilles
asked Aug 5 '15 at 16:02 – Aditya K

2 Answers

This answer is as follows:

Use the following bash wrapper script to call the vpnc-script. In the wrapper script, the routes to be used for the VPN connection can be specified via a ROUTES variable.

    #!/bin/bash
    #
    # Routes that we want to be used by the VPN link
    ROUTES="162.73.0.0/16"

    # Helpers to create dotted-quad netmask strings.
    MASKS[1]="128.0.0.0"
    MASKS[2]="192.0.0.0"
    MASKS[3]="224.0.0.0"
    MASKS[4]="240.0.0.0"
    MASKS[5]="248.0.0.0"
    MASKS[6]="252.0.0.0"
    MASKS[7]="254.0.0.0"
    MASKS[8]="255.0.0.0"
    MASKS[9]="255.128.0.0"
    MASKS[10]="255.192.0.0"
    MASKS[11]="255.224.0.0"
    MASKS[12]="255.240.0.0"
    MASKS[13]="255.248.0.0"
    MASKS[14]="255.252.0.0"
    MASKS[15]="255.254.0.0"
    MASKS[16]="255.255.0.0"
    MASKS[17]="255.255.128.0"
    MASKS[18]="255.255.192.0"
    MASKS[19]="255.255.224.0"
    MASKS[20]="255.255.240.0"
    MASKS[21]="255.255.248.0"
    MASKS[22]="255.255.252.0"
    MASKS[23]="255.255.254.0"
    MASKS[24]="255.255.255.0"
    MASKS[25]="255.255.255.128"
    MASKS[26]="255.255.255.192"
    MASKS[27]="255.255.255.224"
    MASKS[28]="255.255.255.240"
    MASKS[29]="255.255.255.248"
    MASKS[30]="255.255.255.252"
    MASKS[31]="255.255.255.254"

    # Number of split-include routes exported so far
    export CISCO_SPLIT_INC=0

    # Create environment variables that vpnc-script uses to configure network
    function addroute()
    {
        local ROUTE="$1"
        export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=${ROUTE%%/*}
        export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=${ROUTE##*/}
        export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASK=${MASKS[${ROUTE##*/}]}
        export CISCO_SPLIT_INC=$(($CISCO_SPLIT_INC+1))
    }

    # Old function for generating NetworkManager 0.8 GConf keys
    function translateroute ()
    {
        local IPADDR="${1%%/*}"
        local MASKLEN="${1##*/}"
        local OCTET1="$(echo $IPADDR | cut -d. -f1)"
        # ... remainder not shown; the function is never called below
    }

    if [ "$reason" = "make-nm-config" ]; then
        echo "Put the following into the [ipv4] section in your NetworkManager config:"
        echo "method=auto"
        COUNT=1
        for r in $ROUTES; do
            echo "routes$COUNT=${r%%/*};${r##*/};0.0.0.0;0;"
            COUNT=$(($COUNT+1))
        done
        exit 0
    fi

    # Export one set of CISCO_SPLIT_INC_* variables per route
    for r in $ROUTES; do
        addroute "$r"
    done

    exec /etc/openconnect/vpnc-script

Then connect as follows:

    openconnect -u myusername --script wrapper-script -b vpngateway.example.com

edited Aug 12 '15 at 13:25
answered Aug 12 '15 at 13:04 – Aditya K

3
For anyone wondering how they can add multiple prefixes/routes to the ROUTES variable, you can do so by separating each entry with a single space. For example: ROUTES="162.73.0.0/16 162.74.0.0/16"
– Elliot B. Apr 21 '16 at 1:15
3
On Debian 8, Ubuntu 16.04 and 17.04 the default vpnc-script is located at /usr/share/vpnc-scripts/vpnc-script, so on these OSes I needed to change the last string of the wrapper appropriately. Thank you for your solution!
– Envek Apr 25 '17 at 15:24
My work VPN is 10.0.x.x so I set up ROUTES = 10.0.0.0/16 and I am using Ubuntu, so I set the exec to /usr/share/vpnc-scripts/vpnc-script -- but I cannot get to the outside world. Any ideas?
– mmaceachran Sep 24 '18 at 23:23

Here's a script which does split-tunnelling on both IPv4 and IPv6 networks (based on the script Aditya K provided, which still caused all IPv6 traffic to be routed to the VPN). Note also that the setting of CISCO_SPLIT_INC_$N_MASK variables no longer appears to be needed:

    #!/bin/bash
    #
    # Routes that we want to be used by the VPN link
    ROUTES="162.73.0.0/16"
    ROUTES6="1ef2:23e:5a4::0/48"

    # Number of IPv4 split-include routes exported so far
    export CISCO_SPLIT_INC=0

    # Create environment variables that vpnc-script uses to configure network
    function addroute()
    {
        local ROUTE="$1"
        export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=${ROUTE%%/*}
        export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=${ROUTE##*/}
        export CISCO_SPLIT_INC=$(($CISCO_SPLIT_INC+1))
    }

    # Number of IPv6 split-include routes exported so far
    export CISCO_IPV6_SPLIT_INC=0

    # Do the same for IPv6
    function addroute6()
    {
        local ROUTE="$1"
        local NET="${ROUTE%%/*}"
        local MASKLEN="${ROUTE##*/}"
        export CISCO_IPV6_SPLIT_INC_${CISCO_IPV6_SPLIT_INC}_ADDR=$NET
        export CISCO_IPV6_SPLIT_INC_${CISCO_IPV6_SPLIT_INC}_MASKLEN=$MASKLEN
        export CISCO_IPV6_SPLIT_INC=$(($CISCO_IPV6_SPLIT_INC+1))
    }

    # Old function for generating NetworkManager 0.8 GConf keys
    function translateroute ()
    {
        local IPADDR="${1%%/*}"
        local MASKLEN="${1##*/}"
        local OCTET1="$(echo $IPADDR | cut -d. -f1)"
        # ... remainder not shown; the function is never called below
    }

    if [ "$reason" = "make-nm-config" ]; then
        echo "Put the following into the [ipv4] section in your NetworkManager config:"
        echo "method=auto"
        COUNT=1
        for r in $ROUTES; do
            echo "routes$COUNT=${r%%/*};${r##*/};0.0.0.0;0;"
            COUNT=$(($COUNT+1))
        done
        exit 0
    fi

    # Export one set of split-include variables per IPv4 and IPv6 route
    for r in $ROUTES; do
        addroute "$r"
    done
    for r in $ROUTES6; do
        addroute6 "$r"
    done

    exec /etc/openconnect/vpnc-script

answered Feb 13 at 21:14 – atrus
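
A check for the problem the question and the second answer both describe (the default route, or all IPv6 traffic, going down the VPN link), as an added example that is not part of either answer: it reads `ip route show` or `ip -6 route show` output and compares it with the prefixes given in ROUTES / ROUTES6. The tunnel device name `tun0`, the function name `check_split_tunnel` and the sample routing tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit routing-table output against the prefixes the
# wrapper script was supposed to send through the VPN.

# check_split_tunnel DEV "PREFIX ..."      (routing table on stdin)
# stdin is the output of `ip route show` or `ip -6 route show`.
# Prints one finding per line. Exit status is 1 if the default route points
# at DEV or a wanted prefix is not routed via DEV, otherwise 0.
check_split_tunnel() (
    dev=$1
    wanted=$2
    via_dev=""
    rc=0

    while read -r dest rest; do
        # Skip routes that do not leave through the tunnel device.
        case " $rest " in
            *" dev $dev "*) ;;
            *) continue ;;
        esac
        case $dest in
            default|0.0.0.0/0|::/0)
                echo "FULL-TUNNEL default route via $dev"
                rc=1
                ;;
            *)
                via_dev="$via_dev $dest"
                ;;
        esac
    done

    # Every prefix from ROUTES / ROUTES6 must show up on the tunnel device.
    for p in $wanted; do
        case " $via_dev " in
            *" $p "*) echo "OK $p via $dev" ;;
            *) echo "MISSING $p not routed via $dev"; rc=1 ;;
        esac
    done

    # Anything else on the tunnel is listed for review, not counted as failure.
    for p in $via_dev; do
        case " $wanted " in
            *" $p "*) ;;
            *) echo "EXTRA $p via $dev" ;;
        esac
    done
    exit "$rc"
)

# Constructed sample: IPv4 table after connecting with ROUTES="162.73.0.0/16".
sample_v4_routes() {
    cat <<'EOF'
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
162.73.0.0/16 dev tun0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
EOF
}

# Constructed sample: IPv6 table when only IPv4 split routes were exported.
sample_v6_routes() {
    cat <<'EOF'
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
default dev tun0 metric 1024 pref medium
EOF
}

# Demo on the constructed tables: IPv4 is split as intended, IPv6 is not.
sample_v4_routes | check_split_tunnel tun0 "162.73.0.0/16"
sample_v6_routes | check_split_tunnel tun0 "" || echo "IPv6 is not split-tunnelled"
```

On a live system, pipe `ip route show` and `ip -6 route show` into the function in place of the sample tables. The comparison is textual, so write IPv6 prefixes the way the kernel prints them (`1ef2:23e:5a4::/48`, not `1ef2:23e:5a4::0/48`).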