borneo.antonio at gmail
Sep 17, 2009, 11:16 PM
Post #1 of 1
Re: vpnc comment / feature request
It seems to me you just want to implement a "split tunnel" from the client side.
I wrote a tutorial for this, available in the Nortel branch of vpnc.
You can download it from
I never tried it with Cisco, but I see no reason why it should not work.
Indeed, it would be nice if you could test it and report any
On Fri, Sep 18, 2009 at 11:27 AM, Vijay Ramasubramanian <vram0 [at] umd> wrote:
> First allow me to thank you heartily for writing / maintaining vpnc. I'm
> delighted to not have to run Cisco's poorly-maintained code, particularly
> their Linux kernel module (!).
> I also really appreciate having a BSD-compatible connection method. I think
> large institutions are, to put it nicely, foolish for using these Cisco VPNs
> under the guise of security, but of course if we fought everything foolish,
> we would never get to the real work.
> I would like to ask you to consider a couple of features -- in my case, I
> don't want the VPN connection to take over the default route. I simply want
> to be able to route certain specified networks via the VPN. I would
> appreciate the ability to tell vpnc this, probably via the .conf file.
> The other thing is that the DNS entries I need within the VPN are also made
> visible in the external DNS, which I can reach using my standard DNS server.
> So it would also be nice to have the ability to tell vpnc not to alter
> resolv.conf.
> I've attached a hacked-up vpnc-script that does what I want in my case,
> under Linux. Let me make the disclaimer that it is certainly not the
> cleanest hack, and I hardcoded /sbin/route as the route command since I am
> familiar with its syntax rather than the /sbin/ip route syntax.
> I am not averse to writing patches that implement these things cleanly, but
> there are obviously multiple approaches that could be taken, so I'd rather
> discuss it with you first.
> Thank you once again,
vpnc-devel mailing list
vpnc-devel [at] unix-ag
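
The client-side split tunnel and untouched resolv.conf asked for in the quoted message can be had with a wrapper around the stock vpnc-script. This is an added example, not the script attached to the message nor the tutorial mentioned in the reply; it assumes the stock script is at /etc/vpnc/vpnc-script, and `SPLIT_NETS`, `STOCK_SCRIPT` and the sample networks are constructed for illustration.

```shell
#!/bin/sh
# Added example: wrapper to pass to vpnc in place of the stock vpnc-script.
# SPLIT_NETS and STOCK_SCRIPT are assumptions; the networks are constructed.
SPLIT_NETS="${SPLIT_NETS:-10.20.0.0/16 192.168.50.0/24}"
STOCK_SCRIPT="${STOCK_SCRIPT:-/etc/vpnc/vpnc-script}"

# Convert a prefix length (0-32) to a dotted netmask, e.g. 20 -> 255.255.240.0.
masklen_to_mask() {
    len=$1
    mask=""
    for i in 1 2 3 4; do
        if [ "$len" -ge 8 ]; then
            octet=255
            len=$((len - 8))
        else
            octet=$((256 - (1 << (8 - len))))
            len=0
        fi
        mask="${mask:+$mask.}$octet"
    done
    echo "$mask"
}

# Export the CISCO_SPLIT_INC_* variables vpnc-script reads for split routes,
# and clear the DNS variables so it has no reason to rewrite resolv.conf.
set_split_env() {
    n=0
    for net in $1; do
        addr=${net%/*}
        len=${net#*/}
        case "$len" in
            ''|*[!0-9]*) echo "bad network: $net" >&2; return 1 ;;
        esac
        { [ -n "$addr" ] && [ "$len" -le 32 ]; } || { echo "bad network: $net" >&2; return 1; }
        export "CISCO_SPLIT_INC_${n}_ADDR=$addr"
        export "CISCO_SPLIT_INC_${n}_MASK=$(masklen_to_mask "$len")"
        export "CISCO_SPLIT_INC_${n}_MASKLEN=$len"
        n=$((n + 1))
    done
    # Refuse an empty list: a zero count would leave no route into the VPN.
    [ "$n" -gt 0 ] || { echo "no split networks given" >&2; return 1; }
    export CISCO_SPLIT_INC="$n"
    unset INTERNAL_IP4_DNS INTERNAL_IP4_NBNS CISCO_DEF_DOMAIN
}

# vpnc sets $reason (pre-init, connect, disconnect) when it calls the script.
if [ -n "${reason:-}" ]; then
    set_split_env "$SPLIT_NETS" || exit 1
    . "$STOCK_SCRIPT"
fi
```

Point vpnc at the wrapper with its `Script` configuration option or `--script`. Traffic to any network not listed in `SPLIT_NETS` keeps using the local default route and is not protected by the tunnel.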