make;
make install;

some notes to myself

We prevent split-tunneling from the server side

Written on February 28, 2016

Yeah… no.

We use Cisco’s AnyConnect VPN software at work and the Security team seems to think that the server side is preventing our clients from split-tunneling…

Take a look here: https://gist.github.com/jagtesh/5531300. You could edit it so it adds a separate route for the internal (172.0.0.0/12) traffic, and then pass it to openconnect with the -s flag. You could also have a script do DNS lookups for webproxy.internal and add those IPs to /etc/hosts. You could create a .proxy.pac file and point your browser to it, so that only the traffic for “.mil” and “.gov” hosts is sent over the webproxy.

I said ‘could’, not ‘should’.
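
The defender's side of the same point, as an added example that is not from the original post: a Python posture check that reads `ip route show` output and reports whether internet-bound traffic would leave outside the tunnel. The sample routing tables, the `tun0` device name and the probe addresses are constructed assumptions.

```python
import ipaddress

# Constructed `ip route show` output: only an internal prefix goes via tun0.
SPLIT = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
172.16.0.0/12 dev tun0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev wlan0
"""

# Constructed full-tunnel table: default route via tun0, plus the usual
# host route that keeps the VPN gateway reachable over the physical link.
FULL = """\
default dev tun0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev wlan0
"""

def parse_routes(text):
    """Yield (network, device) for every route line that names a device."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields[:-1]:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types such as "unreachable" or "blackhole"
        yield net, fields[fields.index("dev") + 1]

def egress_device(routes, addr):
    """Longest-prefix match, as the kernel does (metrics are ignored)."""
    ip = ipaddress.ip_address(addr)
    hits = [(n.prefixlen, d) for n, d in routes
            if n.version == ip.version and ip in n]
    return max(hits)[1] if hits else None

def is_split_tunnel(route_text, tunnel_dev="tun0",
                    probes=("198.51.100.7", "8.8.8.8")):
    """True if the tunnel is up but a public probe address bypasses it."""
    routes = list(parse_routes(route_text))
    if not any(dev == tunnel_dev for _, dev in routes):
        return False  # tunnel not up, nothing to evaluate
    return any(egress_device(routes, p) != tunnel_dev for p in probes)
```

Because this runs on the client, it is a detection aid rather than enforcement: a user who controls the routing table also controls what the check sees.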