dlenski / vpn-slice

vpnc-script replacement for easy and secure split-tunnel VPN setup
GNU General Public License v3.0

Routes cleanup on disconnect #143

Closed sbasmanov closed 11 months ago

sbasmanov commented 1 year ago

Not sure if this is an issue or a misconfiguration, but I haven't found any info on this. On macOS Ventura (13.6) I installed with homebrew: openconnect and the vpn-slice script. My goal is to route all 10/8 traffic to the vpn, excluding a few networks. So, here is the command: sudo openconnect -c mycert.pem mycompany.net -s 'vpn-slice 10.0.0.0/8 %10.250.0.0/16 %10.240.0.0/24 %10.254.0.0/24 -i --domains-vpn-dns mycompany.net' Here are my routing tables:

  1. wifi off
      Destination        Gateway            Flags           Netif Expire
      127                127.0.0.1          UCS               lo0
      127.0.0.1          127.0.0.1          UH                lo0
      224.0.0            link#1             UmCS              lo0
  2. wifi on, normal routing table
      Destination        Gateway            Flags           Netif Expire
      default            10.254.0.1         UGScg             en0
      10.254/24          link#15            UCS               en0      !
      10.254.0.1/32      link#15            UCS               en0      !
      10.254.0.1         8:55:31:9d:73:28   UHLWIir           en0   1196
  3. vpn connected, everything works fine
      Destination        Gateway            Flags           Netif Expire
      default            10.254.0.1         UGScg             en0
      10                 utun7              USc             utun7
      10.218.9.221       10.218.9.221       UH              utun7
      10.224.1.11        utun7              UHS             utun7
      10.224.1.21        utun7              UHS             utun7
      10.240/24          10.254.0.1         UGSc              en0
      10.250/16          10.254.0.1         UGSc              en0
      10.254/24          link#15            UCS               en0      !
      10.254.0.1/32      link#15            UCS               en0      !
      10.254.0.1         8:55:31:9d:73:28   UHLWIir           en0   1196
  4. vpn disconnected, extra routes still there
      Destination        Gateway            Flags           Netif Expire
      default            10.254.0.1         UGScg             en0
      10.240/24          10.254.0.1         UGSc              en0
      10.250/16          10.254.0.1         UGSc              en0
      10.254/24          link#15            UCS               en0      !
      10.254.0.1/32      link#15            UCS               en0      !
      10.254.0.1         8:55:31:9d:73:28   UHLWIir           en0   1198

To get the routing table back to normal I have to disable wifi, then issue route flush, and then enable wifi.

Am I missing something? How do I remove these routes on disconnect (kill -2)?

Thanks.
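One way to audit the situation described above, as an added example that is not part of the issue or of vpn-slice itself: diff the routing table captured before connecting against the one captured after disconnecting, and print the matching delete commands for review rather than running them. The two tables are constructed from the netstat -rn output in this issue; the route(8) invocation form (route -n delete -net/-host DEST GATEWAY) is an assumption about macOS and should be checked against the local man page before use.

```shell
#!/bin/sh
# Added example, not vpn-slice code. Routing tables constructed from the
# netstat -rn listings in this issue (table 2: before connect; table 4: after
# disconnect).
BEFORE='Destination        Gateway            Flags           Netif Expire
default            10.254.0.1         UGScg             en0
10.254/24          link#15            UCS               en0      !
10.254.0.1/32      link#15            UCS               en0      !
10.254.0.1         8:55:31:9d:73:28   UHLWIir           en0   1196'

AFTER='Destination        Gateway            Flags           Netif Expire
default            10.254.0.1         UGScg             en0
10.240/24          10.254.0.1         UGSc              en0
10.250/16          10.254.0.1         UGSc              en0
10.254/24          link#15            UCS               en0      !
10.254.0.1/32      link#15            UCS               en0      !
10.254.0.1         8:55:31:9d:73:28   UHLWIir           en0   1198'

# leftover_routes BEFORE AFTER
# Prints "destination gateway" for every destination that exists after
# disconnect but did not exist before connecting (header lines are skipped).
leftover_routes() {
    printf '%s\n' "$2" | awk -v before="$1" '
        BEGIN {
            n = split(before, lines, "\n")
            for (i = 2; i <= n; i++) {      # i=1 is the column header
                split(lines[i], f, " ")
                seen[f[1]] = 1
            }
        }
        NR > 1 && !($1 in seen) { print $1, $2 }'
}

# delete_commands BEFORE AFTER
# Turns each leftover route into a route(8) delete command. A destination
# containing "/" is treated as a network route, anything else as a host route.
# Assumed macOS syntax: route -n delete -net|-host DEST GATEWAY.
delete_commands() {
    leftover_routes "$1" "$2" | awk '{
        kind = (index($1, "/") > 0) ? "-net" : "-host"
        print "route -n delete", kind, $1, $2
    }'
}

# Stand-alone run: show what would be removed (nothing is executed).
delete_commands "$BEFORE" "$AFTER"
```

On a real machine, capture the two tables with netstat -rn before connecting and after disconnecting and pass them in place of the constructed strings.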

dlenski commented 11 months ago

On macOS Ventura (13.6) I installed with homebrew: openconnect and vpn-slice script.

How to remove this routes on disconnect

Are you running a build of vpn-slice that includes 28ace485075c0acb98650ffa3d599bde4d1563a5?

sbasmanov commented 11 months ago

I installed it for the first time using homebrew. It shows version: vpn-slice 0.16.1. Checked /opt/homebrew/Cellar/vpn-slice/0.16.1/libexec/lib/python3.12/site-packages/vpn_slice/main.py:

[image]

Seems this version is different (old). Tried brew upgrade vpn-slice: Warning: vpn-slice 0.16.1 already installed. So, probably I need to replace the brew version with the version from GitHub.