Written on February 28, 2016
We use Cisco’s AnyConnect VPN software at work and the Security team seems to think that the server side is preventing our clients from split-tunneling…
Take a look here: https://gist.github.com/jagtesh/5531300. You could edit it so it adds a separate route for the internal (220.127.116.11/12) traffic. And then pass it in to openconnect with the -s flag. You could also have a script to do DNS lookups for webproxy.internal add those IPs to /etc/hosts. You could create and point your browser to a .proxy.pac file so that only the traffic for hosts “.mil” and “.gov” is sent over the webproxy.
I said ‘could’, not ‘should’.