[prev in list] [next in list] [prev in thread] [next in thread]
List: openconnect-devel
Subject: Re: [PATCH 2/4] Helper functions for uplink dev and gateway
From: Gernot Hillier <gernot.hillier () siemens ! com>
Date: 2017-10-17 8:41:06
Message-ID: b57009fe-a0cb-2021-1e53-218e2660ec75 () siemens ! com
[Download RAW message or body]
Am 17.10.2017 um 10:07 schrieb David Woodhouse:
> On Wed, 2017-10-11 at 22:40 +0200, Gernot Hillier wrote:
>>
>> + get_uplink_gw() {
>> + # If we have a specific route to VPNGATEWAY, then this is our
>> + # Internet uplink (VPN tunnel active). If tunnel is not active,
>> + # then the default route should be our uplink.
>> + uplink_route=`netstat -r -n | grep "^$VPNGATEWAY"`
>> + if [ -n "$uplink_route" ]; then
>> + echo "$uplink_route" | awk '{ print $2; }'
>> + else
>> + get_default_gw
>> + fi
>
> That isn't strictly true. I've certainly seen reports from German
> universities where they have some weird wifi setup with a VPN server on
> the *local* network, not accessible via the default route. I thought we
> fixed that... but maybe we did so only for the iproute2 case, where 'ip
> route get' works more sanely?
Well, now it gets weird.
We need this for setting up split-exclude routes which are intended to
tell your client to connect to a limited number of targets directly, not
over the VPN tunnel (in our case, they want to force people to be
connected to company's Intranet completely, but use the exclude-rules
for time-critical stuff like WebRTC).
So, for the case you describe my code should probably do the right thing
as the targets for split-exclude rules are likely not in your local
university network. Probably.
But, generally spoken, the helper function might get things wrong. Hmmmm.
--
Gernot
_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic