dlenski / vpn-slice

vpnc-script replacement for easy and secure split-tunnel VPN setup
GNU General Public License v3.0

loading stuck #138

Closed raptorxcz closed 11 months ago

raptorxcz commented 1 year ago

Hello, I am using vpn-slice with openconnect instead of AnyConnect on macOS. I can successfully connect to the VPN. But when I open a webpage in the VPN, the browser gets stuck. If I do the same with curl, curl gets stuck, and after some time I get:

Here is my configuration: vpn-slice -d example.com 10.0.0.0/8 wiki.example.com --verbose --dump

Called by /usr/local/Cellar/openconnect/9.12/bin/openconnect (PID 3012) with environment variables for vpnc-script:
  reason                  => reason=<reasons.pre_init: 1>
  VPNGATEWAY              => gateway=IPv4Address('some ip')
  CISCO_DEF_DOMAIN        => domain=['abc.example.com']
  INTERNAL_IP4_ADDRESS    => myaddr=IPv4Address('10.3.204.127')
  INTERNAL_IP4_MTU        => mtu=1294
  INTERNAL_IP4_NETMASK    => netmask=IPv4Address('255.255.255.0')
  INTERNAL_IP4_NETMASKLEN => netmasklen=24
  INTERNAL_IP4_NETADDR    => network=IPv4Network('10.3.204.0/24')
  INTERNAL_IP4_DNS        => dns=[IPv4Address('10.7.107.10')]
  CISCO_SPLIT_EXC         => nsplitexc=3
  IDLE_TIMEOUT            => idle_timeout=1800
  VPNPID                  => vpnpid=3012
  CISCO_*SPLIT_EXC_*      => splitexc=[IPv4Network('52.120.0.0/14'), IPv4Network('52.112.0.0/14'), IPv4Network('13.107.64.0/18')]
Complete set of subnets to include in VPN routes:
  10.0.0.0/8
Complete set of host names to include in VPN routes after DNS lookup (and add /etc/hosts entries for):
  wiki.example.com
Called by /usr/local/Cellar/openconnect/9.12/bin/openconnect (PID 3012) with environment variables for vpnc-script:
  reason                  => reason=<reasons.connect: 2>
  VPNGATEWAY              => gateway=IPv4Address('some ip')
  TUNDEV                  => tundev='utun3'
  CISCO_DEF_DOMAIN        => domain=['ds.example.com']
  INTERNAL_IP4_ADDRESS    => myaddr=IPv4Address('10.3.204.127')
  INTERNAL_IP4_MTU        => mtu=1294
  INTERNAL_IP4_NETMASK    => netmask=IPv4Address('255.255.255.0')
  INTERNAL_IP4_NETMASKLEN => netmasklen=24
  INTERNAL_IP4_NETADDR    => network=IPv4Network('10.3.204.0/24')
  INTERNAL_IP4_DNS        => dns=[IPv4Address('10.7.107.10')]
  CISCO_SPLIT_EXC         => nsplitexc=3
  IDLE_TIMEOUT            => idle_timeout=1800
  VPNPID                  => vpnpid=3012
  CISCO_*SPLIT_EXC_*      => splitexc=[IPv4Network('52.120.0.0/14'), IPv4Network('52.112.0.0/14'), IPv4Network('13.107.64.0/18')]
Complete set of subnets to include in VPN routes:
  10.0.0.0/8
Complete set of host names to include in VPN routes after DNS lookup (and add /etc/hosts entries for):
  wiki.example.com
Blocked incoming traffic from VPN interface with iptables.
Added routes for 1 nameservers, 1 subnets, 0 aliases.
Restored routes for 0 excluded subnets.
Adding /etc/hosts entries for 1 nameservers...
  10.7.107.10 = dns0.utun3
Looking up 1 hosts using VPN DNS servers...
Got results: [<DNS IN A rdata: 10.6.131.79>]
  wiki.example.com = 10.6.131.79
Added hostnames and aliases for 2 addresses to /etc/hosts.
Added 1 routes for named hosts.
Connection setup done, child process 3031 exiting.

Any idea what is wrong?

dlenski commented 1 year ago

> Here is my configuration: vpn-slice -d example.com 10.0.0.0/8 wiki.example.com --verbose --dump

This means that only traffic to 10.0.0.0/8, the VPN's DNS server(s), and the IP address(es) of wiki.example.com will be routed over the VPN.

Nothing else will be routed over the VPN.

> But when I open a webpage in the VPN, …

What is the IP address of the web server in question? Is it one of the above?

> … the browser gets stuck. If I do the same with curl, curl gets stuck, and after some time I get:

:question:

Did you mean to show an error message here?
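
The check asked for in the reply above (is the web server's address one of the routed ones?), as an added example that is not part of the thread or of vpn-slice's own code. It parses an excerpt of the `--verbose` output posted in this issue and assumes that output keeps the line layout shown there; `vpn_routes` and `match_route` are hypothetical helper names.

```python
import ipaddress
import re

# Excerpt of the --verbose output posted in this issue.
SAMPLE_LOG = """\
Complete set of subnets to include in VPN routes:
  10.0.0.0/8
Complete set of host names to include in VPN routes after DNS lookup (and add /etc/hosts entries for):
  wiki.example.com
Adding /etc/hosts entries for 1 nameservers...
  10.7.107.10 = dns0.utun3
Got results: [<DNS IN A rdata: 10.6.131.79>]
  wiki.example.com = 10.6.131.79
"""

def vpn_routes(log):
    """Collect every network the log reports as routed over the VPN."""
    routes = {}  # network -> reason it is routed
    in_subnets = False
    for line in log.splitlines():
        if not line.startswith(" "):  # unindented line starts a new section
            in_subnets = line.startswith("Complete set of subnets")
            continue
        text = line.strip()
        if in_subnets:
            routes[ipaddress.ip_network(text)] = "subnet argument"
            continue
        m = re.fullmatch(r"(\S+) = (\S+)", text)
        if not m:
            continue
        # "ip = name" (nameservers) and "name = ip" (hosts) both occur.
        for addr, label in ((m[1], m[2]), (m[2], m[1])):
            try:
                routes[ipaddress.ip_network(addr)] = label
            except ValueError:
                pass  # this side of the "=" is a name, not an address
    return routes

def match_route(dest, routes):
    """Return (network, reason) for the most specific VPN route, or None."""
    ip = ipaddress.ip_address(dest)
    hits = [n for n in routes if n.version == ip.version and ip in n]
    if not hits:
        return None  # falls through to the normal default route
    best = max(hits, key=lambda n: n.prefixlen)
    return best, routes[best]

if __name__ == "__main__":
    routes = vpn_routes(SAMPLE_LOG)
    for dest in ("10.6.131.79", "10.3.204.1", "192.0.2.10"):  # last two constructed
        print(dest, "->", match_route(dest, routes) or "not routed over the VPN")
```

This reflects what vpn-slice reported adding, not the live routing table; on macOS, `route -n get <address>` shows which interface the kernel would actually use.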