12-18-2018 11:49 PM - edited 03-12-2019 05:32 AM
OS: Ubuntu 18.04.1 (64-bit)
Client version: 3.1.14018
Setup: a connection is established; the remote uses a number of private subnets, including the whole 10.0.0.0/8 range.
Problem: we use a subset of 10.0.0.0/8 in our intranet (say, 10.10.10.0/24). With the default routing created after connection to VPN, our intranet hosts become unreachable.
Issue: the routes inserted by AnyConnect client
- all have a metric of 0
- cannot be removed
I tried removing and re-inserting the route for 10.0.0.0/8, with a higher metric, in order to add a route for our subnet, to be able to access it.
However, AnyConnect client doesn't allow removing its routes, and I see no obvious means to raise the metric for them.
Is it possible to either remove/insert the established AnyConnect routes, or somehow configure the AnyConnect client to use higher metric values?
12-23-2018 03:44 PM
I'm not sure how to handle it with AnyConnect. But you could also evaluate OpenConnect as an alternative: https://www.infradead.org/openconnect/
It uses the vpnc script for all routing and there you should be able to customise everything for your needs.
And AnyConnect 3.1 is EOL anyway ...
12-24-2018 06:40 AM
There's a given setup using the mentioned AnyConnect and I can't change that.
There's a solution posted on the Net, where a "hack" using the below call
int _ZN27CInterfaceRouteMonitorLinux20routeCallbackHandlerEv()
is utilized. AnyConnect prevents changes to the routing table; the above negates that and allows removing a routing entry, adding it back with a higher metric value, which allows inserting another entry, with a lesser metric value.
However, it's still a hack. If there's no official workaround/configuration, I'll have to use the above.