Routing all traffic via a VPN using openconnect
I recently had to connect to my university’s VPN to get access to statistics by Statista. I connected using openconnect, an Open Source Cisco-Anyconnect-Compliant VPN software. However, it turned out that my university’s VPN config only routes university intranet traffic via the VPN, leaving all other traffic to be sent via the default interface. Statista, obviously not belonging to my university’s intranet, thus refused to serve me premium statistics.
ip route show revealed that openconnect configured a whole bunch of link local routes, which it makes available through the tun0 interface. Here, scope link means that hosts in the respective (sub-)net are directly addressable, without need for routing. ARP (Address Resolution Protocol — IPv4) or NDP (Neighbor Discovery Protocol — IPv6) should therefore yield MAC-Address—IP-Address pairs for these hosts.
The following is an (anonymized) excerpt of the entries revealed by ip route show:

default via 192.168.178.1 dev wlan0
xyz.xyz.xyz.xy dev tun0 scope link
xyz.xyz.xyz.xy dev tun0 scope link
xyz.xyz.xyz.xy dev tun0 scope link
xyz.xyz.xyz.xy dev tun0 scope link

The default route remained at default via 192.168.178.1 dev wlan0.
So how do we route all traffic through

ip route del default via 192.168.178.1 dev wlan0
ip route add default via xyz.xyz.xyz.xyz dev tun0

And that’s it. Simply changing the default route forces all traffic to go through the VPN-tunnel, thus unlocking Statista statistics.
xyz.xyz.xyz.xyz here refers to the IP-address that we hold on the
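
The route swap above as a dry-run planner, added here as an example that is not part of the original post. It goes one step beyond the text by also checking that the VPN server itself stays reachable over the physical link. The function names and the 203.0.113.x / 198.51.100.x addresses are constructed placeholders.

```shell
#!/bin/sh
# Constructed `ip route show` output in the split-tunnel state. 203.0.113.10 stands
# in for the VPN server, 198.51.100.0/24 for an intranet net (both assumptions).
SAMPLE_ROUTES='default via 192.168.178.1 dev wlan0
203.0.113.10 via 192.168.178.1 dev wlan0
198.51.100.0/24 dev tun0 scope link
192.168.178.0/24 dev wlan0 proto kernel scope link src 192.168.178.25'

# Print the device carrying the default route (routing table on stdin).
default_dev() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print the next hop of a dedicated host route to $1, if the table has one.
host_route_gw() {
    awk -v h="$1" '($1 == h || $1 == (h "/32")) && $2 == "via" { print $3; exit }'
}

# Print the commands that move the default route into the tunnel.
# $1 = tunnel device, $2 = VPN server address, $3 = our address on the tunnel.
plan_full_tunnel() {
    tun=$1; server=$2; tun_addr=$3
    table=$(cat)
    cur_dev=$(printf '%s\n' "$table" | default_dev)
    if [ "$cur_dev" = "$tun" ]; then
        return 0    # already full tunnel, nothing to change
    fi
    cur_gw=$(printf '%s\n' "$table" | awk '$1 == "default" && $2 == "via" { print $3; exit }')
    # The encrypted packets themselves must keep using the physical link; without
    # a host route to the server they would follow the new default into the tunnel.
    if [ -z "$(printf '%s\n' "$table" | host_route_gw "$server")" ]; then
        echo "ip route add $server via $cur_gw dev $cur_dev"
    fi
    echo "ip route del default via $cur_gw dev $cur_dev"
    echo "ip route add default via $tun_addr dev $tun"
}

# Dry run on the sample; 198.51.100.77 is a constructed tunnel address.
printf '%s\n' "$SAMPLE_ROUTES" | plan_full_tunnel tun0 203.0.113.10 198.51.100.77
```

Only the IPv4 table is handled here. If the physical interface also has an IPv6 default route (ip -6 route show), that traffic still bypasses the tunnel.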