tresni/add_route.sh

## add_route.sh
#! /bin/bash

INTERFACE=$(route -n get wwwin.cisco.com | awk ' /interface: / { print $2 } ')
DEFAULT=$(route -n get default | awk ' /interface: / { print $2 } ')

add_route () {
    sudo route add -net $1 $2
}

if [ $DEFAULT != $INTERFACE ]; then
    GATEWAY=$(route -n get wwwin.cisco.com | awk ' /gateway: / { print $2 } ')
    for arg; do
        if ! [[ $arg =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            for ip in $(host $arg | awk '/has address/ { print $4 }'); do
                add_route $ip $GATEWAY
            done
        else
            add_route $arg $GATEWAY
        fi
    done
fi

## example-script.sh
#! /bin/bash

# Use this with openconnect by specifing the -s parameter
# If you need to use SSO when you login, look at wrapping openconnect using
# [openconnect-sso](https://github.com/vlaci/openconnect-sso)

# shellcheck source=utils.sh
. "$(dirname "$0")/utils.sh"

# Initialize empty split tunnel list
export CISCO_SPLIT_INC=0
export CISCO_IPV6_SPLIT_INC=0

# Delete DNS info provided by VPN server to use internet DNS
# Comment following line to use DNS beyond VPN tunnel
unset INTERNAL_IP4_DNS
unset INTERNAL_IP6_DNS

# IPv4
add_network 10.0.0.0 255.0.0.0 8
add_ip 192.168.0.1

# IPv6
add_networkv6 fefe:: 32

# Domain based
add_domain example.com

# Have these domains resolve through these specific nameservers
# Only works on OSX (only OS that uses /etc/resolver/ to my knowledge.)
add_resolver example.com 1.2.3.4 1.2.3.5
add_resolver example.org 1.2.3.6


# Execute default script
# shellcheck disable=SC1091
. /usr/local/etc/vpnc-script

## utils.sh
#! /bin/bash

add_network ()
{
    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=$1
    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASK=$2
    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=$3
    export CISCO_SPLIT_INC=$((CISCO_SPLIT_INC + 1))
}

add_networkv6 ()
{
    export CISCO_IPV6_SPLIT_INC_${CISCO_IPV6_SPLIT_INC}_ADDR=$1
    export CISCO_IPV6_SPLIT_INC_${CISCO_IPV6_SPLIT_INC}_MASKLEN=$2
    export CISCO_IPV6_SPLIT_INC=$((CISCO_IPV6_SPLIT_INC + 1))
}

# Add one IP to the list of split tunnel
add_ip ()
{
    add_network "$1" 255.255.255.255 32
}

add_domain ()
{
    for ip in $(dig +short "$1"); do
        if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
            add_ip $ip
        fi
    done
}

# misnomer, this adds and/removes domain specific resolvers on connect/disconnect
add_resolver ()
{
    # shellcheck disable=SC2154
    case "$reason" in
        "connect" | "disconnect")
            true
            ;;
        *)
            return
            ;;
    esac

    domain=$1
    shift
    [ ! -d /etc/resolver ] && mkdir /etc/resolver/
    [ -f /etc/resolver/$domain ] && rm /etc/resolver/$domain
    # shellcheck disable=SC2154
    if [ "$reason" = "connect" ]; then
        for nameserver in "$@"; do
            echo "nameserver $nameserver" >> /etc/resolver/$domain
        done
    fi
}
	#! /bin/bash

	INTERFACE=$(route -n get wwwin.cisco.com \| awk ' /interface: / { print $2 } ')
	DEFAULT=$(route -n get default \| awk ' /interface: / { print $2 } ')

	add_route () {
	sudo route add -net $1 $2
	}

	if [ $DEFAULT != $INTERFACE ]; then
	GATEWAY=$(route -n get wwwin.cisco.com \| awk ' /gateway: / { print $2 } ')
	for arg; do
	if ! [[ $arg =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
	for ip in $(host $arg \| awk '/has address/ { print $4 }'); do
	add_route $ip $GATEWAY
	done
	else
	add_route $arg $GATEWAY
	fi
	done
	fi
	#! /bin/bash

	# Use this with openconnect by specifing the -s parameter
	# If you need to use SSO when you login, look at wrapping openconnect using
	# [openconnect-sso](https://github.com/vlaci/openconnect-sso)

	# shellcheck source=utils.sh
	. "$(dirname "$0")/utils.sh"

	# Initialize empty split tunnel list
	export CISCO_SPLIT_INC=0
	export CISCO_IPV6_SPLIT_INC=0

	# Delete DNS info provided by VPN server to use internet DNS
	# Comment following line to use DNS beyond VPN tunnel
	unset INTERNAL_IP4_DNS
	unset INTERNAL_IP6_DNS

	# IPv4
	add_network 10.0.0.0 255.0.0.0 8
	add_ip 192.168.0.1

	# IPv6
	add_networkv6 fefe:: 32

	# Domain based
	add_domain example.com

	# Have these domains resolve through these specific nameservers
	# Only works on OSX (only OS that uses /etc/resolver/ to my knowledge.)
	add_resolver example.com 1.2.3.4 1.2.3.5
	add_resolver example.org 1.2.3.6


	# Execute default script
	# shellcheck disable=SC1091
	. /usr/local/etc/vpnc-script
	#! /bin/bash

	add_network ()
	{
	export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=$1
	export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASK=$2
	export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=$3
	export CISCO_SPLIT_INC=$((CISCO_SPLIT_INC + 1))
	}

	add_networkv6 ()
	{
	export CISCO_IPV6_SPLIT_INC_${CISCO_IPV6_SPLIT_INC}_ADDR=$1
	export CISCO_IPV6_SPLIT_INC_${CISCO_IPV6_SPLIT_INC}_MASKLEN=$2
	export CISCO_IPV6_SPLIT_INC=$((CISCO_IPV6_SPLIT_INC + 1))
	}

	# Add one IP to the list of split tunnel
	add_ip ()
	{
	add_network "$1" 255.255.255.255 32
	}

	add_domain ()
	{
	for ip in $(dig +short "$1"); do
	if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
	add_ip $ip
	fi
	done
	}

	# misnomer, this adds and/removes domain specific resolvers on connect/disconnect
	add_resolver ()
	{
	# shellcheck disable=SC2154
	case "$reason" in
	"connect" \| "disconnect")
	true
	;;
	*)
	return
	;;
	esac

	domain=$1
	shift
	[ ! -d /etc/resolver ] && mkdir /etc/resolver/
	[ -f /etc/resolver/$domain ] && rm /etc/resolver/$domain
	# shellcheck disable=SC2154
	if [ "$reason" = "connect" ]; then
	for nameserver in "$@"; do
	echo "nameserver $nameserver" >> /etc/resolver/$domain
	done
	fi
	}