To do that, you need to add a script to your VPNC configuration. It can be stored in a file such as /etc/vpnc/split.
The script needs to be made executable:
chmod +x /etc/vpnc/split
The script is documented at the URL given in its header comment and can look like this:
#!/bin/bash
# http://svn.unix-ag.uni-kl.de/vpnc/branches/vpnc-nortel/split_tunnel.txt

# Add one /8 network to the split tunnel list
add_ip ()
{
    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=$1
    # MASK and MASKLEN must describe the same /8 prefix
    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASK=255.0.0.0
    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=8
    export CISCO_SPLIT_INC=$(($CISCO_SPLIT_INC + 1))
}

# Initialize empty split tunnel list
export CISCO_SPLIT_INC=0

# Delete DNS info provided by VPN server to use internet DNS.
# Leave the following line commented out to use DNS beyond the VPN tunnel.
#unset INTERNAL_IP4_DNS

# List of networks beyond the VPN tunnel
add_ip 10.0.0.0 # pop3.mycom.com and smtp
add_ip 159.0.0.0 # ldap.mycom.com
add_ip 139.0.0.0

# Execute default script
. /etc/vpnc/vpnc-script
# End of script
The first line of the configuration (for instance /etc/vpnc/default.conf) should then reference the script like this:
Script /etc/vpnc/split
IPSec gateway...
Then, when you connect, only addresses starting with 10, 159 and 139 are routed through the VPN; all other traffic keeps using your normal route.
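The script above hard-codes one mask for every entry, and each entry carries both a dotted MASK and a MASKLEN that must agree. The following is an added example, not part of vpnc or the linked document: a variant helper that takes CIDR notation, rejects malformed input and derives the mask from the prefix length. The function names add_net and len_to_mask are hypothetical.

```bash
#!/bin/bash
# Added example, not part of vpnc: add_net and len_to_mask are hypothetical
# helper names. The CISCO_SPLIT_INC_* variables are the ones used above.

# Prefix length (0-32) -> dotted netmask, e.g. 8 -> 255.0.0.0
len_to_mask ()
{
    local len="$1" mask="" i bits
    for i in 1 2 3 4; do
        if [ "$len" -ge 8 ]; then bits=8; else bits=$len; fi
        mask="${mask}${mask:+.}$(( 256 - (1 << (8 - bits)) ))"
        len=$(( len - bits ))
    done
    echo "$mask"
}

# add_net a.b.c.d/len: validate the argument, then export one split entry
add_net ()
{
    local addr="${1%/*}" len="${1#*/}" o old_ifs="$IFS"
    case $1 in */*) ;; *) echo "add_net: '$1' has no /len" >&2; return 1 ;; esac
    case $len in ''|*[!0-9]*|0?*) echo "add_net: bad length in '$1'" >&2; return 1 ;; esac
    [ "$len" -le 32 ] || { echo "add_net: length > 32 in '$1'" >&2; return 1; }
    case $addr in ''|*[!0-9.]*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) echo "add_net: bad address in '$1'" >&2; return 1 ;; esac
    IFS=.; set -- $addr; IFS=$old_ifs       # split the address into octets
    [ $# -eq 4 ] || { echo "add_net: need four octets" >&2; return 1; }
    for o in "$@"; do
        [ "$o" -le 255 ] || { echo "add_net: octet $o > 255" >&2; return 1; }
    done
    export "CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=$addr"
    export "CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASK=$(len_to_mask "$len")"
    export "CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=$len"
    export CISCO_SPLIT_INC=$(( CISCO_SPLIT_INC + 1 ))
}

export CISCO_SPLIT_INC=0
add_net 10.0.0.0/8       # same three networks as the script above
add_net 159.0.0.0/8
add_net 139.0.0.0/8
# A real split script would end with: . /etc/vpnc/vpnc-script
```

A rejected entry leaves the counter untouched, so a typo results in a missing route rather than a half-defined one.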