In order to access the enterprise intranet remotely, we have to use the Cisco AnyConnect VPN client. We're allowed to install it on any personal machines, and they provide downloads and instructions for Windows, Mac and Linux. This works fine except for the routing table configurations they provide.
They route everything except the 10.0.0.0/8 and 172.0.0.0/8 (that's not a typo) subnets over the VPN. This is baked into the client and I can't find a way to change it. All I really need are ports 80, 443 and 22 for a small Class C subnet routed through the VPN tunnel.
Is there a way to change the routing table configurations? Barring that, would it be possible to setup a linux VM with an HTTP/S proxy and SSH that route over the VPN tunnel?
Best Answer
I can only address the first part of that question, "would it be possible to setup a linux VM ... that route over the VPN tunnel". Yes, you can.
If you make use of an alternate client, openconnect, split tunneling is fairly straightforward. You'd also need vpnc-script in order to make the process of setting up routes a little easier (although you can always manually go back afterwards and use the
ip routecommands).Then you'd follow the instructions in this github gist. Essentially,
where
10.10.0.0/14should be the subnet you'd like to have pass through the VPN.Your routes after this command will end up looking something like
Note that most traffic is passing over the default route, while the subnet specified in the command (
10.10.0.0/14) is passing over the tunnel.