Not specifically related to vpnc, but I'll offer what I can think of...
Typically, client VPN connections go down because there is a period of inactivity across the tunnel. The easiest way to overcome that is to keep a ping -t to a known device at the other end of the tunnel.
Otherwise, if your vpnc process is going down, it may be because the VPN endpoint is overloaded, either endpoint is sending packets that the other endpoint believes to be invalid and so has torn it down, or vpnc is ostensibly broken. See if anything is mentioned in its associated log files.
It should be noted that, as I understand it, vpnc is a client tool, not a service/daemon. It might be more appropriate to use a more service-oriented tool for your endpoint (or even a cheap hardware site-to-site gateway/firewall/router). Not sure what software-based solutions might do this.
The remaining alternative is to script/code your processes so that they check for the existence of the target server address and/or vpnc process and start vpnc if not found, before each unit of work.
But, really, a hardware device should be used for permanent connections. You can pick up a basic Linksys/Netgear/D-Link/etc device that can talk the basic protocols cheaply enough.
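One way to script the check-before-each-unit-of-work approach described above, as an added example that is not part of the original answer. It assumes Linux with pgrep, iputils ping and a default vpnc configuration; TARGET_HOST, VPN_WAIT and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; TARGET_HOST, VPN_WAIT and all function names are assumptions.
# Assumes Linux (pgrep, iputils ping) and a default vpnc config; run as root.

TARGET_HOST="${TARGET_HOST:-192.0.2.10}"  # constructed: host reachable only via the tunnel
VPN_WAIT="${VPN_WAIT:-15}"                # seconds to wait for the tunnel after starting vpnc

vpn_process_running() { pgrep -x vpnc >/dev/null 2>&1; }
target_reachable()    { ping -c 1 -W 2 "$TARGET_HOST" >/dev/null 2>&1; }
start_vpn()           { vpnc; }             # reads vpnc's default config file
stop_vpn()            { vpnc-disconnect; }

# Return 0 only when the tunnel is verifiably usable.
ensure_vpn() {
    if vpn_process_running && target_reachable; then
        return 0
    fi
    # A live process with a dead tunnel is stale: tear it down before restarting.
    if vpn_process_running; then
        stop_vpn || true
    fi
    start_vpn || return 1
    i=0
    while [ "$i" -lt "$VPN_WAIT" ]; do
        target_reachable && return 0
        sleep 1
        i=$((i + 1))
    done
    return 1
}

# Fail closed: if the tunnel cannot be restored, skip the work instead of
# letting it run over whatever route is left. 75 is EX_TEMPFAIL (retry later).
run_unit_of_work() {
    if ! ensure_vpn; then
        echo "VPN unavailable, skipping: $*" >&2
        return 75
    fi
    "$@"
}

# Usage after sourcing this file (hypothetical job):
#   run_unit_of_work rsync -a /srv/export/ "$TARGET_HOST":/srv/import/
```

Checking reachability as well as the process catches the case where vpnc is still running but the tunnel has been torn down by the other end.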
is there a way to keep the SSH connection alive while connecting to the VPN?
No. That system's routing changes dramatically when you connect to the VPN, which breaks all established TCP sockets.
You should look into using a terminal multiplexer like screen or tmux in your ssh session - that way you can have a persistent shell that you can re-connect to.
Best Answer
Use vpn-slice to set up a split tunnel connection wherein your DNS configuration is not modified, and only traffic to a few hosts or IP subnets is routed over the VPN.
It was created for this exact purpose:
Once you've installed vpn-slice, use it with OpenConnect as a replacement for the standard vpnc-script (you can remove the -v --dump after you've confirmed that it's working properly):

This will set the routing tables up so that only traffic to those two particular hosts is routed over the VPN, and will add entries for them to /etc/hosts. Docs have more details.

(I'm the author of vpn-slice, and one of the main contributors to OpenConnect.)