VPN cannot honour 'split excludes'
My employer's VPN configuration now uses a 'split exclude', identifying a range of IP addresses which are not to be routed to the VPN although the VPN does get the default route.
I went to fix this in NetworkManager-openconnect... but I don't think NetworkManager itself supports this.
I could probably come up with some nasty hack where instead of excluding e.g. 1.2.0.0/16 I instead construct the equivalent full set of include routes:
- 0.0.0.0/8
- 1.0.0.0/15
- (NOT 1.2.0.0/16)
- 1.3.0.0/16
- 1.4.0.0/14
- 1.8.0.0/13
- 1.16.0.0/12
- 1.32.0.0/11
- 1.64.0.0/10
- 1.128.0.0/9
- 2.0.0.0/7
- 4.0.0.0/6
- 8.0.0.0/5
- 16.0.0.0/4
- 32.0.0.0/3
- 64.0.0.0/2
- 128.0.0.0/1
Please don't make me do that; I doubt it would end well. And it's bad enough for Legacy IP; I don't even want to have to contemplate it for IPv6.
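
The expansion described in the report above can be computed mechanically. This is an added example, not part of the original report and not code from NetworkManager or NetworkManager-openconnect. The function name `include_routes` is hypothetical, and the example goes beyond the single 1.2.0.0/16 case by accepting several excludes and IPv6.

```python
import ipaddress


def include_routes(excludes, default="0.0.0.0/0"):
    """Return the include routes that cover `default` minus every exclude.

    `excludes` is an iterable of CIDR strings. Excludes may overlap or nest;
    the result is the same regardless of the order they are given in.
    """
    base = ipaddress.ip_network(default)
    routes = [base]
    for item in excludes:
        hole = ipaddress.ip_network(item)  # raises ValueError on host bits
        if hole.version != base.version:
            raise ValueError(f"{hole} is not an IPv{base.version} network")
        remaining = []
        for route in routes:
            if not route.overlaps(hole):
                remaining.append(route)      # untouched by this exclude
            elif hole.supernet_of(route):
                continue                     # route lies entirely in the hole
            else:
                # route strictly contains the hole: split it around the hole
                remaining.extend(route.address_exclude(hole))
        routes = remaining
    return sorted(routes)


if __name__ == "__main__":
    # The single exclude from the report (Legacy IP).
    for net in include_routes(["1.2.0.0/16"]):
        print(net)
    # Constructed IPv6 sample using the documentation prefix.
    v6 = include_routes(["2001:db8::/32"], default="::/0")
    print(len(v6), "IPv6 include routes")
```

Excluding a single /n prefix from the default route always produces n include routes, so each IPv6 exclude can add dozens of entries to the routing table.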