eduvpn / python-eduvpn-client

Linux client for eduVPN
https://eduvpn.org/
GNU General Public License v3.0

Eduvpn connection only used for specific CIDR range(s) #571

Open pooh22 opened 6 months ago

pooh22 commented 6 months ago

Currently it seems I can only use eduvpn to pass all traffic from my client to the entire internet via eduvpn, but I would like to be able to work on the local network directly, but via VPN to a specific IP range.

It would be nice if I could configure an option in the eduvpn client (cli/gui) to set up a route on my client for 123.123.0.0/16 via eduvpn and keep using the network default route and local network connections for other IP ranges.

This way, when I'm working from home, I can keep using my local printer, file shares and octopi without disconnecting from eduvpn.

pooh22 commented 6 months ago

A workaround script that seems to do the trick:

```bash
#!/bin/bash
# find tunnel device. probably tun0
TUNDEV=$(ip route | grep default | grep tun | awk '{print $5; exit}')
if [[ -z "$TUNDEV" ]]; then
    # message is Dutch for: no tunnel, so nothing to do
    echo 'geen tunnel, niks te doen dus'
    exit 1
fi
# find gateway for tunnel device
TUNGW=$(ip route | grep default | grep -w "$TUNDEV" | awk '{print $3; exit}')
# delete all routes that run via tunnel device (link-scope routes are kept)
ip route | grep -w "$TUNDEV" | grep -v scope | while read -r line; do
    # $line is left unquoted on purpose so each word becomes an argument
    sudo ip route del $line
done
# add route to network via tunnel device
sudo ip route add 123.123.0.0/16 via "$TUNGW" dev "$TUNDEV"
```

I'd prefer to have this as an option in eduvpn; it saves an extra step in setting up the VPN.

jwijenbergh commented 6 months ago

Right, you can try to script something together with NetworkManager dispatcher scripts so that this is automatically done when the VPN connection gets added/connected by the client: https://networkmanager.dev/docs/api/latest/NetworkManager-dispatcher.html
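
The dispatcher-script approach suggested in the last comment, combined with the route handling of the workaround script, as an added example that is not from the thread or the eduVPN project. Assumptions: the tunnel shows up as a NetworkManager `vpn-up` event or as a device named `tun*`/`wg*`, the install path is hypothetical, and only IPv4 routes are handled, as in the workaround script.

```sh
#!/bin/sh
# Added example, not eduVPN code: NetworkManager dispatcher script.
# Hypothetical install path: /etc/NetworkManager/dispatcher.d/50-split-route
# NetworkManager only runs it if it is root-owned, executable and not writable
# by group/other. It is called as root with $1 = interface, $2 = action.

SPLIT_CIDR="123.123.0.0/16"   # range from the issue; adjust to your network

# Succeeds when the event is a tunnel coming up.
# Assumption: VPN plugin connections raise "vpn-up"; device-type tunnels
# raise "up" on an interface named tun* or wg* (check `nmcli device`).
is_tunnel_up() {
    case "$2" in
        vpn-up) return 0 ;;
        up) case "$1" in tun*|wg*) return 0 ;; esac ;;
    esac
    return 1
}

# Filter `ip -4 route show` text on stdin: print routes bound to device $1,
# skipping "scope link" entries like the workaround's `grep -v scope`.
# Comparing the exact word after "dev" keeps tun1 from matching tun10.
tunnel_routes() {
    awk -v dev="$1" '
        / scope / { next }
        { for (i = 1; i < NF; i++)
              if ($i == "dev" && $(i + 1) == dev) { print; next } }'
}

# Remove the routes pushed through the tunnel, then route only SPLIT_CIDR.
apply_split() {
    dev="$1"; gw="$2"
    ip -4 route show | tunnel_routes "$dev" | while read -r route; do
        ip -4 route del $route    # unquoted on purpose: one argument per word
    done
    if [ -n "$gw" ]; then
        ip -4 route replace "$SPLIT_CIDR" via "$gw" dev "$dev"
    else
        ip -4 route replace "$SPLIT_CIDR" dev "$dev"
    fi
}

if is_tunnel_up "${1:-}" "${2:-}"; then
    # NetworkManager exports VPN_IP_IFACE and VPN_IP4_GATEWAY for VPN events;
    # for plain device events fall back to $1 and no gateway.
    apply_split "${VPN_IP_IFACE:-$1}" "${VPN_IP4_GATEWAY:-}"
fi
```

IPv6 routes pushed by the VPN are not touched by this script, so IPv6 traffic keeps following whatever the VPN configured.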