0

I need to connect to a third-party Cisco AnyConnect VPN.

On my Windows PC, I am using the CLI openconnect client from https://gitlab.com/openconnect/openconnect

The VPN works perfectly fine, however it blocks navigation to other Internet sites. I suppose that all Internet traffic is forwarded through the VPN, and this should not happen.

(Please notice that I have exactly the same issue with Cisco AnyConnect Client; this is the reason why I tried with OpenConnect).

Inside the VPN, my IP is 10.127.94.xxx and I have to reach two different servers located at 10.128.230.yyy and 172.25.98.zzz

So I ask, how can I set up openconnect/routes so that the VPN is used only for these two IPs?

Thank you.

3
  • 2
    Check if the client Apps and/or the target VPN have split tunnel enabled
    – anon
    Commented Jul 1, 2023 at 18:36
  • Thank you for your hint. Googling, I found out that there exists a tool "vpn-slice" that allows split tunnelling in Linux; however it does not work in Windows :(
    Commented Jul 1, 2023 at 20:53
  • NCP Secure Entry permits split tunnel. It works in Windows
    – anon
    Commented Jul 1, 2023 at 21:01

1 Answer

1

I found out how to enable "split tunnel" with OpenConnect. Take the default script vpnc-script-win.js, which is inside the c:\Programs\OpenConnect folder; find where the environment "env" is loaded: https://gitlab.com/openconnect/vpnc-scripts/-/blob/master/vpnc-script-win.js#L25

and there add CISCO_SPLIT_INC configuration:

env("CISCO_SPLIT_INC") = 3;   // how many IPs to reach in the VPN network
env("CISCO_SPLIT_INC_0_ADDR") = '10.128.230.yyy'; // first IP
env("CISCO_SPLIT_INC_0_MASK") = '255.255.255.255'; // host route: this single address only
env("CISCO_SPLIT_INC_0_MASKLEN") = 32; // prefix length matching 255.255.255.255
env("CISCO_SPLIT_INC_1_ADDR") = '172.25.98.zzz'; // second IP
env("CISCO_SPLIT_INC_1_MASK") = '255.255.255.255';
env("CISCO_SPLIT_INC_1_MASKLEN") = 32;
env("CISCO_SPLIT_INC_2_ADDR") = '172.25.68.www'; // DNS
env("CISCO_SPLIT_INC_2_MASK") = '255.255.255.255';
env("CISCO_SPLIT_INC_2_MASKLEN") = 32;

Hope this can help somebody.
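
The following is an added example, not part of the original answer or of the vpnc-scripts project: a small Node.js helper that builds the CISCO_SPLIT_INC_* values from a list of routes so that MASK and MASKLEN always agree, and that rejects entries that would widen the tunnel beyond what was intended (a /0 route, or an address with host bits set). The function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```javascript
// Added example: derive consistent CISCO_SPLIT_INC_* values from "addr/prefix" routes.
// Function names are hypothetical; only the variable names come from the answer above.

function prefixToMask(len) {
  // 32-bit mask with `len` leading one-bits, rendered as a dotted quad
  const bits = len === 0 ? 0 : (0xffffffff << (32 - len)) >>> 0;
  return [24, 16, 8, 0].map(s => (bits >>> s) & 0xff).join('.');
}

function parseIPv4(text) {
  const parts = text.split('.');
  if (parts.length !== 4) throw new Error('not an IPv4 address: ' + text);
  return parts.reduce((acc, p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) throw new Error('bad octet in ' + text);
    return ((acc << 8) | Number(p)) >>> 0;
  }, 0);
}

function buildSplitInclude(routes) {
  const vars = { CISCO_SPLIT_INC: String(routes.length) };
  routes.forEach((route, i) => {
    const [addr, lenText = '32'] = route.split('/'); // bare address means a host route
    const len = Number(lenText);
    if (!Number.isInteger(len) || len < 1 || len > 32) {
      // A /0 entry would send all traffic into the tunnel, defeating the split
      throw new Error('prefix length must be 1..32: ' + route);
    }
    const ip = parseIPv4(addr);
    const maskBits = (0xffffffff << (32 - len)) >>> 0;
    if ((ip & maskBits) >>> 0 !== ip) throw new Error('host bits set in ' + route);
    vars[`CISCO_SPLIT_INC_${i}_ADDR`] = addr;
    vars[`CISCO_SPLIT_INC_${i}_MASK`] = prefixToMask(len);
    vars[`CISCO_SPLIT_INC_${i}_MASKLEN`] = String(len);
  });
  return vars;
}

// Constructed sample input: two host routes and one /24 network
const SAMPLE = buildSplitInclude(['192.0.2.10', '198.51.100.0/24', '203.0.113.53/32']);
console.log(SAMPLE);
```

Each key/value pair it prints corresponds to one `env("...") = ...` assignment in the script edit shown in the answer.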
