Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4053
Views
0
Helpful
2
Replies

Changing metric for routes inserted by AnyConnect Secure Mobility Client

Temmokan
Level 1
Level 1

‎12-18-2018 11:49 PM - edited ‎03-12-2019 05:32 AM

OS: Ubuntu 18.04.1 (64-bit)
Client version: 3.1.14018

Setup: a connection is established; the remote uses a number of private subnets, including the whole 10.0.0.0/8 range.

Problem: we use a subset of 10.0.0.0/8 in our intranet (say, 10.10.10.0/24). With the default routing created after connection to VPN, our intranet hosts become unreachable.

Issue: the routes inserted by AnyConnect client
- have all metric of 0
- cannot be removed

I tried removing and re-inserting the route for 10.0.0.0/8, with higher metric, in order to add a route for our subnet, to eb able to access it.

However, AnyConnect client doesn't allow removing its routes, and I see no obvious means to raise the metric for them.

Is it possible to either remove/insert the established AnyConnect routes, or somehow configure the AnyConnect client to use higher metric values?

1 person had this problem
Labels:
0 Helpful
2 Replies 2

Karsten Iwen
VIP
VIP

‎12-23-2018 03:44 PM

I'm not sure how to handle it with AnyConnect. But you could also evaluate OpenConnect as an alternative: https://www.infradead.org/openconnect/

It uses the vpnc script for all routing and there you should be able to customise everything for your needs.

And AnyConnect 3.1 is EOL anyway ...

0 Helpful

Temmokan
Level 1
Level 1
In response to Karsten Iwen

‎12-24-2018 06:40 AM

There's a given setup using the mentioned AnyConnect and I can't change that.

There's a solution posted on the Net, where a "hack" using the below call

int _ZN27CInterfaceRouteMonitorLinux20routeCallbackHandlerEv()

is utilized. AnyConnect prevents changes to routing table; the above negates that and allows removing a routing entry, adding it back with higher metric value, which allows inserting another entry, with lesser metric value.

However, it's still a hack. If there's no official workaround/configuration, I'll have to use the above.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents