   REPLYADDR unruh@invalid.ca   
   XPost: alt.os.linux.ubuntu, alt.os.linux.mageia   
      
   On 2024-04-13, Markus Robert Kessler wrote:   
   > On Fri, 12 Apr 2024 18:52:37 -0000 (UTC) William Unruh wrote:   
   >   
   >> On 2024-04-12, Markus Robert Kessler    
   >> wrote:   
   >>> On Thu, 11 Apr 2024 18:43:19 -0000 (UTC) William Unruh wrote:   
   >>>   
   >   
   > No, not from openconnect's side.   
   >   
   > Instead, when openconnect runs in foreground mode ( i.e. not being started   
   > with -b ), it can be terminated cleanly with CTRL-C.   
      
   So I presume that openconnect sends a disconnect to vpnc-script to tear   
   down the routes through tun.   
      
   >   
   > Alternatively, vpnc-disconnect ( out of vpnc package ) can be used, as   
   > long as openconnect writes the same pid file, which vpnc-disconnect takes   
   > the pid number from to ( also cleanly ) terminate the process.   
   >   
      
   OK, that's a good suggestion.   
      
   I have now implemented my idea on two different vpns -- one at UBC and
   one at tamu, and it seems to work on both. Of course if a web page in
   either links to something outside their address space that I specified
   in the altered lines in the vpnc-script, then that goes through the
   original connection. If I wanted to view US netflix programs from
   Canada, that would not work, since netflix would see the packets as
   coming from Canada, rather than the US. So, some way of adding to the
   list of the IP addresses that the connection tunnels dynamically would
   be good. But I guess I can always use the ip command to add routes to my
   system's routing table through tun.
      
   The alternative, that everything gets routed through tun, really is not
   very good (never mind that all connections I have to any outside
   computers get broken when I start the openconnect connection).
      
   Anyway, thanks for pointing me to the way to get this working.   
   > In my case, I start it like so:   
   >   
   > sudo openconnect --pid-file /var/run/vpnc.pid -b ...   
   > ( on debian based systems the path and filename may differ ),   
   > hence, I can easily end it with vpnc-disconnect.   
   >   
   >>   
   >>> Openconnect is calling vpnc-script for several reasons, see line   
   >>>   
   >>> #* reason -- why this script was called, one of:   
   >>> pre-init connect disconnect reconnect attempt-reconnect   
   >>>   
   >>> So, when openconnect is cleanly terminating (not kill -9 ...), it will   
   >>> finally invoke vpnc-script with cause 'disconnect' and the original   
   >>> route is being restored   
   >>>   
   >>>> _   
   >>>>   
   >>>>   
   >>>>> i.e. the vector size is stored in $CISCO_SPLIT_EXC.   
   >>>>>   
   >>>>> To prevent openconnect from accepting all that trash, I could easily   
   >>>>> set this vector to empty, i.e. include   
   >>>>>   
   >>>>> CISCO_SPLIT_EXC=''   
   >>>>>   
   >>>>> as one of the first commands in vpnc-script file, and, that's it!
   >>>>>   
   >>>>> The reason why Suse's approach, which I took to build my own vpnc rpm   
   >>>>> from, and from which vpnc-script is taken from, does not accept all   
   >>>>> those routes, is that in this version the whole section is not
   >>>>> included.   
   >>>>>   
   >>>>> If you are interested in seeing how they differ, you may have a look   
   >>>>> at the vimdiff file I created:   
   >>>>>   
   >>>>> https://www.dipl-ing-kessler.de/tmp/vpnc-script   
   >>>>   
   >>>> White letters on light green is almost unreadable.   
   >>>   
   >>> Yes, it's never easy to find a colorscheme in vimdiff which displays   
   >>> everything perfectly. But you can always select the relevant section to   
   >>> have blue on white text or vice versa   
   >>>   
   >>>>> This afternoon I tested above solution on Raspbian OS and it worked   
   >>>>> instantly.   
   >>>>>   
   >>>>> It took me some time to find out, but it was worth every minute :-)   
   >   
   > Best regards,   
   >   
   > Markus   
      
   --- SoupGate-Win32 v1.05   
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)   
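
Added example, not part of the original post or of openconnect/vpnc-script: one way to add extra split-tunnel routes with the ip command after the VPN is up, as the message suggests. The function names, the tun0 default and the sample prefixes are assumptions; prefixes are validated before a command is built, and a /0 prefix is refused so the tunnel cannot silently become the default route.

```shell
#!/bin/sh
# Added example: build "ip route" commands for extra split-tunnel prefixes.
# valid_cidr4 / route_cmds are hypothetical helper names; tun0 and the
# prefixes used at the bottom are constructed sample values.

# valid_cidr4 PREFIX -> status 0 only for a.b.c.d/len, octets 0-255, len 1-32
valid_cidr4() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    # Only digits and dots in the address, only digits in the length, so
    # nothing typed into the list can end up as shell syntax in the output.
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    # len 0 would be a default route: everything would go through the tunnel.
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# route_cmds DEV PREFIX... -> prints one command per valid prefix.
# Invalid prefixes are reported on stderr and skipped; status 1 if any were.
route_cmds() {
    dev=$1; shift
    rc=0
    for p in "$@"; do
        if valid_cidr4 "$p"; then
            # "replace" is idempotent: re-running does not fail on an
            # existing route the way "add" does.
            echo "ip route replace $p dev $dev"
        else
            echo "skipping invalid prefix: $p" >&2
            rc=1
        fi
    done
    return $rc
}

# Dry run: print the commands for two sample prefixes (documentation ranges).
route_cmds "${TUNDEV:-tun0}" 192.0.2.0/24 198.51.100.7/32
```

The script only prints commands; to apply them, review the output and then pipe it to sh as root. Routes bound to the tun device disappear when the interface is torn down on disconnect.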