vpnsplit2
Install Instructions:
-
Install AnyConnect 3.1
-
Install the most recent XCode for your platform (5.01 for Mavericks). Include the command line tools.
-
Install the Mac OS X TUN/TAP driver
-
Install homebrew
-
Use homebrew to install openconnect
brew update
brew install openconnect
-
Get the latest wrapper scripts from my github (do this from your home directory)
git clone http://github.com/mcowger/vpnsplit2.git .vpn
-
Everything is installed!
Usage
To connect to the VPN:
sudo ./vpn.sh C NT-USERNAME [south|west|east]
'C' stands for connect, your username should be obvious, and the optional parameter specifies which VPN server to connect to (defaults to west).
You'll get some output that looks like the following:
Executing /opt/cisco/hostscan/bin/cstub -url "[redacted]/CACHE/sdesktop/install/result.htm" -ticket "07758A474315618622432261" -stub "0" -certhash "9CE3B7DC697B5FDAA01538E4ECA4B741:"
Please enter your username and password.
PASSCODE:
Enter your passcode at the prompt. Once you do, you'll get:
Connect Banner:
| *******************************************
| !!! This is a restricted area !!!
| Access only authorized for EMC Approved Personnel.
| If you are not authorized by EMC,
| PLEASE DISCONNECT NOW.
|
| This group permits Local Lan Access.
| ********************************************
| [redacted]
| ********************************************
|
add host 111.22.333.44: gateway 192.168.X.1
[snip more]
And the script will exit and you are connected. All standard resources are available via the VPN, but the tunnel is now a split include (meaning only certain address spaces are routed through the VPN, and all others around it). Split-DNS is also enabled, meaning that the DNS server pushed by the VPN server is used only for the pushed domains, and all lookups happen against your standard DNS server.
To disconnect
sudo ./vpn.sh D NT-USERNAME
The openconnect process will be killed and all your routes and DNS are put back.