12-18-2018 11:49 PM - edited 03-12-2019 05:32 AM
OS: Ubuntu 18.04.1 (64-bit)
Client version: 3.1.14018
Setup: a connection is established; the remote uses a number of private subnets, including the whole 10.0.0.0/8 range.
Problem: we use a subset of 10.0.0.0/8 in our intranet (say, 10.10.10.0/24). With the default routing created after connection to VPN, our intranet hosts become unreachable.
Issue: the routes inserted by AnyConnect client
- all have a metric of 0
- cannot be removed
I tried removing and re-inserting the route for 10.0.0.0/8 with a higher metric, in order to add a route for our subnet, to be able to access it.
However, AnyConnect client doesn't allow removing its routes, and I see no obvious means to raise the metric for them.
Is it possible to either remove/insert the established AnyConnect routes, or somehow configure the AnyConnect client to use higher metric values?
12-23-2018 03:44 PM
I'm not sure how to handle it with AnyConnect. But you could also evaluate OpenConnect as an alternative: https://www.infradead.org/openconnect/
It uses the vpnc script for all routing and there you should be able to customise everything for your needs.
And AnyConnect 3.1 is EOL anyway ...
12-24-2018 06:40 AM
There's a given setup using the mentioned AnyConnect and I can't change that.
There's a solution posted on the Net, where a "hack" using the below call
int _ZN27CInterfaceRouteMonitorLinux20routeCallbackHandlerEv()
is utilized. AnyConnect prevents changes to the routing table; the above negates that and allows removing a routing entry and adding it back with a higher metric value, which allows inserting another entry with a lesser metric value.
However, it's still a hack. If there's no official workaround/configuration, I'll have to use the above.
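Added example, not part of the original thread: a small Python check of which route Linux would select for an intranet host, applying longest-prefix match first and lowest metric second to a parsed `ip -4 route show` listing. The sample table, the gateway 192.168.1.254 and the tunnel device name cscotun0 are constructed assumptions, and the check reads routes only; it does not model any other restrictions the VPN client applies.

```python
import ipaddress

# Constructed sample of `ip -4 route show` output (assumption, not from the thread).
# A route printed without "metric" has metric 0.
SAMPLE = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.0.0.0/8 dev cscotun0 scope link
10.10.10.0/24 via 192.168.1.254 dev eth0 metric 50
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10 metric 100
"""

def _field(tokens, name, default=None):
    """Return the token following `name`, or `default` if absent."""
    return tokens[tokens.index(name) + 1] if name in tokens[:-1] else default

def parse_routes(text):
    """Parse `ip route show` lines into dicts with net, dev and metric."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        prefix = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # skip typed routes such as "unreachable ..."
        routes.append({"net": net, "dev": _field(tokens, "dev"),
                       "metric": int(_field(tokens, "metric", 0))})
    return routes

def select_route(routes, dest):
    """Pick the route for dest: longest prefix wins, metric breaks ties."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))

def tunnel_overlaps(routes, subnet, tun_dev):
    """List tunnel routes whose range overlaps the given local subnet."""
    local = ipaddress.ip_network(subnet)
    return [str(r["net"]) for r in routes
            if r["dev"] == tun_dev and r["net"].overlaps(local)]

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    print("overlapping tunnel routes:", tunnel_overlaps(table, "10.10.10.0/24", "cscotun0"))
    for host in ("10.10.10.5", "10.20.0.1", "8.8.8.8"):
        r = select_route(table, host)
        print(host, "->", r["net"], "dev", r["dev"], "metric", r["metric"])
```

To check a live system, pass the captured output of `ip -4 route show` to `parse_routes` in place of `SAMPLE`.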