Openconnect throughput

Started by Jeroen1000, June 20, 2018, 04:48:16 PM

Hi,

I had a look at your doc. Stupid question, why do you want to delete the default gateway? PBR routes have a higher priority than system routes. You just need to set up host routes for your multiple VPN servers and you are good. The renaming stuff of interfaces will come with openconnect 8.0 .. but I have no idea if it will be backported to FreeBSD 11.

I'll try to find out how this vpnc script stuff works ..


P.S.: Wireguard has way faster speed .. I achieved 1,8Gbit on server hardware :)

I like WireGuard too. A lot :-) It's still not widely supported, but I agree, for speed this is the one to watch.

I had to delete the default route because each time you set up an Openconnect VPN, it adds itself as the new default GW. This does not affect PBR, as you remark, but I don't want the 'regular' LAN hosts to go through either VPN. That is why I delete the default route openconnect adds and just add the one to my ISP again.

A 2nd reason is the renaming of the openconnect interface. The current VPNC script does not restore everything back to normal, normal being no leftovers in the routing table after it disconnects. The cause of this is the renaming. The script should look for the new name instead of the old one.

My next step is playing with the VPNC script too. It shouldn't be too hard to stop it from adding a default GW.