Mailing List Archive

Re: vpnc comment / feature request
Hello Vijay,

it seems to me you just want to implement a "split tunnel" from client side.
I wrote a tutorial for this, available in the Nortel branch of vpnc.
You can download it from

I never tried it with Cisco, but I see no reason why it should not work.
Indeed, would be nice if you could test it and report any

Best Regards,
Antonio Borneo

On Fri, Sep 18, 2009 at 11:27 AM, Vijay Ramasubramanian <> wrote:
> Hello,
> First allow me to thank you heartily for writing / maintaining vpnc. I'm
> delighted to not have to run Cisco's poorly-maintained code, particularly
> their Linux kernel module (!).
> I also really appreciate having a BSD-compatible connection method. I think
> large institutions are, to put it nicely, foolish for using these Cisco VPNs
> under the guise of security, but of course if we fought everything foolish,
> we would never get to the real work.
> I would like to ask you to consider a couple of features -- in my case, I
> don't want the VPN connection to take over the default route. I simply want
> to be able to route certain specified networks via the VPN. I would
> appreciate the ability to tell vpnc this, probably via the .conf file.
> The other thing is that the DNS entries I need within the VPN are also made
> visible in the external DNS, which I can reach using my standard DNS server.
> So it would also be nice to have the ability to tell vpnc not to alter
> resolv.conf.
> I've attached a hacked-up vpnc-script that does what I want in my case,
> under Linux. Let me make the disclaimer that it is certainly not the
> cleanest hack, and I hardcoded /sbin/route as the route command since I am
> familiar with its syntax rather than the /sbin/ip route syntax.
> I am not averse to writing patches that implement these things cleanly, but
> there are obviously multiple approaches that could be taken, so I'd rather
> discuss it with you first.
> Thank you once again,
> Vijay.
vpnc-devel mailing list
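
The client-side split tunnel discussed in this thread, as an added example (not Vijay's attached script, not the tutorial Antonio mentions, and not code from the vpnc project): a wrapper that rewrites the environment vpnc passes to its hook script so that the stock vpnc-script routes only the listed networks and leaves resolv.conf alone. The stock script path and the two sample networks are assumptions; the wrapper relies on the stock script reading the `CISCO_SPLIT_INC*` variables for per-network routes and skipping DNS changes when `INTERNAL_IP4_DNS` is empty.

```shell
#!/bin/sh
# Added example: split-tunnel wrapper for vpnc's hook script. Paths and networks are assumptions.
STOCK_SCRIPT="${STOCK_SCRIPT:-/etc/vpnc/vpnc-script}"     # assumed install path
SPLIT_NETS="${SPLIT_NETS:-10.20.0.0/16 192.168.50.0/24}"  # constructed sample networks

# Convert a prefix length (0-32) to a dotted netmask, e.g. 20 -> 255.255.240.0
len_to_mask() {
    len=$1; mask=""
    for i in 1 2 3 4; do
        if [ "$len" -ge 8 ]; then octet=255; len=$((len - 8))
        else octet=$((256 - (1 << (8 - len)))); len=0
        fi
        mask="${mask}${mask:+.}${octet}"
    done
    echo "$mask"
}

# Export one CISCO_SPLIT_INC_<n>_* set per CIDR argument; reject malformed entries.
set_split_include() {
    n=0
    for cidr in "$@"; do
        addr=${cidr%/*}; plen=${cidr#*/}
        case "$plen" in ''|*[!0-9]*) echo "bad prefix: $cidr" >&2; return 1;; esac
        [ "$plen" -le 32 ] || { echo "bad prefix: $cidr" >&2; return 1; }
        export "CISCO_SPLIT_INC_${n}_ADDR=$addr"
        export "CISCO_SPLIT_INC_${n}_MASK=$(len_to_mask "$plen")"
        export "CISCO_SPLIT_INC_${n}_MASKLEN=$plen"
        n=$((n + 1))
    done
    export CISCO_SPLIT_INC="$n"
}

# vpnc sets $reason when it calls the hook; do nothing when run by hand.
if [ -n "${reason:-}" ] && [ -r "$STOCK_SCRIPT" ]; then
    set_split_include $SPLIT_NETS || exit 1   # unquoted on purpose: one word per network
    unset INTERNAL_IP4_DNS                    # stock script then leaves resolv.conf untouched
    . "$STOCK_SCRIPT"
fi
```

Point the `Script` option in the vpnc configuration at this wrapper. Traffic to any network not listed in `SPLIT_NETS` stays outside the tunnel, so the list should be reviewed like any other access rule.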