Preface
Recently I worked on a project that required a VPN connection to the other party's server, and the other party used Cisco AnyConnect.
We installed the AnyConnect client and were able to connect.
Problem
Later our system stopped working, and we found the cause: it needs to reach our intranet service X, and the IP address of service X falls inside a network segment that AnyConnect pushes into the routing table. The routing table confirms it: as soon as the VPN disconnects, service X becomes reachable again, and as soon as it reconnects, access fails. We don't even need a VPN to reach the other party's IP, yet this VPN routes a whole set of private network segments through itself.
I deleted the corresponding route directly, then refreshed the routing table to check, and... why is that entry still there?
After a long search I finally found the culprit: AnyConnect itself. It deliberately monitors the routing table and changes it back if it finds that the routes have been tampered with.
Solution
In the thread just mentioned, someone proposed a solution: replace AnyConnect with the open-source OpenConnect. Installation is simple: Linux and macOS have ready-made packages that can be installed from the command line, and Windows has a corresponding GUI version.
OpenConnect is a cross-platform, multi-protocol SSL VPN client that supports several VPN protocols:
Cisco AnyConnect (--protocol=anyconnect)
Array Networks AG SSL VPN (--protocol=array)
Juniper SSL VPN (--protocol=nc)
Pulse Connect Secure (--protocol=pulse)
Palo Alto Networks GlobalProtect SSL VPN (--protocol=gp)
F5 Big-IP SSL VPN (--protocol=f5)
Fortinet Fortigate SSL VPN (--protocol=fortinet)
Windows GUI version: openconnect-gui
Once installed, connect to the VPN using the following command:
After the connection is established, check the routing table and you will see that many routes have indeed been added.
But it doesn't matter: OpenConnect does not fight you over the table, so sudo ip route del xxxxxxxxxxxx removes the offending entry directly, and the route stays deleted. This solves the problem.
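As an added example (not from the original post), a small shell helper that finds which routes pushed onto the VPN interface cover an intranet address and emits the matching ip route del commands, so the check is repeatable after every reconnect. The routing-table text, the interface name tun0 and the service X address 10.20.5.7 are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of `ip route show` output after a VPN session comes up on tun0.
# 10.20.0.0/16, 172.16.0.0/12 and 203.0.113.0/24 are the VPN-pushed entries;
# 10.20.5.7 (service X) is assumed to be a host on our own intranet.
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.20.0.0/16 dev tun0 scope link
172.16.0.0/12 dev tun0 scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.0/24 dev tun0 scope link'

# find_shadowing_routes ROUTES IFACE IP
# Prints every CIDR prefix routed via IFACE that contains IP, one per line.
find_shadowing_routes() {
    printf '%s\n' "$1" | awk -v iface="$2" -v target="$3" '
    # dotted quad -> integer; awk arithmetic is double precision, so 2^32 is safe
    function ip2int(a,   p) { split(a, p, "."); return ((p[1]*256+p[2])*256+p[3])*256+p[4] }
    BEGIN { t = ip2int(target) }
    index($1, "/") > 0 {
        dev = ""
        for (i = 2; i <= NF; i++) if ($i == "dev") dev = $(i+1)
        if (dev != iface) next            # only routes pushed onto the VPN interface
        split($1, cidr, "/")
        net = ip2int(cidr[1])
        size = 2 ^ (32 - cidr[2])         # number of addresses in the prefix
        # same prefix block <=> same quotient when dividing by the block size
        if (int(t / size) == int(net / size)) print $1
    }'
}

# route_del_commands ROUTES IFACE IP
# Emits the `ip route del` lines to run for each shadowing route found above.
route_del_commands() {
    find_shadowing_routes "$1" "$2" "$3" | while read -r prefix; do
        printf 'sudo ip route del %s dev %s\n' "$prefix" "$2"
    done
}

route_del_commands "$SAMPLE_ROUTES" tun0 10.20.5.7
```

Deleting the whole /16 also drops VPN reachability for that entire segment; because the kernel uses longest-prefix match, adding a more specific route for service X's address via the LAN gateway is a narrower alternative.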