Table of Contents
- DISCLAIMER 2. Status 3. Introduction 4. Security issues 5. DNS
Kristall Wang KristallWang
KristallWang
/ split_tunneling.md
Created
May 22, 2019 21:24
— forked from jagtesh/split_tunneling.md
Split Tunneling tutorial - with openconnect (tested, works with Cisco AnyConnect VPN)
Source: http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2009-February/002990.html
KristallWang
/ vpn-openconnect-connect-to-cisco-anyconnect.md
Created
May 22, 2019 21:24
— forked from stefancocora/vpn-openconnect-connect-to-cisco-anyconnect.md
Split tunneling with openconnect - A guide on how to use openconnect to establish a vpn connection to an enterprise cisco anyconnect vpn endpoint with client side routing.
The purpose of this short howto is to show you how to:
- use
openconnect[1] to connect to an enterprise cisco anyconnect endpoint - whilst minimizing the amount of traffic that your route through the vpn connection
Usually VPN administrators will puth the default route to the users, so that all user traffic is routed through the vpn connection. This is to address the various security concerns around compromised user computers bridging external internet traffic into the secure VPN network.
While the VPN administrator can push routes to the clients, the client can ignore these default routes and establish client side routing so that only the required A.B.C.D/E network is routed through the VPN. All other traffic will still use the clients default route and default outbound internet connection.
I hereby claim:
- I am kristall-wangshiwei on github.
- I am kristall_wang (https://keybase.io/kristall_wang) on keybase.
- I have a public key ASANSB3RzrFvC686u2dbQIoxf-330DsTp6zu_PrQvBRy5go
To claim this, I am signing this object:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"0.9303315170109272":"-----BEGIN PGP PUBLIC KEY BLOCK-----\r\nCharset: UTF-8\r\n\r\nxv8AAABSBAAAAAATCCqGSM49AwEHAgMEAe0Ndr76leKleb8QeTCvdoiKJliTcNW6\r\nrYhPM15tk9nO+l9AQZ80b3SI3ESMYCS1kUMIpGxokuFdGaNF5E/oPc3/AAAACDxn\r\naXRodWI+wv8AAACNBBATCAA//wAAAAWCVyCuCP8AAAACiwn/AAAACZDXXUa6xl0x\r\n2/8AAAAFlQgJCgv/AAAAA5YBAv8AAAACmwP/AAAAAp4BAAAxcQD/Tvu4niURJeuM\r\nN1i4c+/jDk5/ZAVK4trNrSNMuJKLv+ABANfO1zyqtg+gC1MXEtwY7OQcuOfwn4cq\r\nwLsEfuOhoU3Gzv8AAABWBAAAAAASCCqGSM49AwEHAgME9luPhfrMtKdNhXtbPIB3\r\n8XBUTVbPq0Vq8LN6QTcnF7OjfSJYDlTcj1Is82ZbcU1HyWecp/Yp7F3iyBsyB6i8\r\n3gMBCAfC/wAAAG0EGBMIAB//AAAABYJXIK4I/wAAAAmQ111GusZdMdv/AAAAApsM\r\nAADNZQD9E28yIEtd32FXEvmCVd8l23V2ZXkMKnE+g8lEiupwa/kA+gIM2X1pYTSD\r\nb7UjPlw1qMftNiREueW4OVi0ecBnfN23\r\n=K4PT\r\n-----END PGP PUBLIC KEY BLOCK-----\r\n"} |