Routing rules with an IP prefix of 0 to route all traffic are ignored.
My company VPN (Pulse) has a "tunnel-all" connection option (by adding the URL path "/tunnel-all" to the gateway) which routes all network traffic through the VPN. This works fine when using openconnect on the command-line, but doesn't work properly when trying to connect through NetworkManager. The connection to the VPN itself succeeds, but accessing any network address on the VPN times out.
From what I can tell the issue is caused by the nm-openconnect-service-copenconnect-helper program. When running this locally I get the following warning from the helper:
[helper-20556] Ignoring invalid static route prefix '0'
My guess is it's using "0" for the prefix as the rule to route all traffic. This fails the check for tmp_prefix <= 0
in the helper. I tried changing the check to tmp_prefix < 0
but this didn't appear to work.
This is the full route as reported by the openconnect command-line:
Received split include route 0.0.0.0/0.0.0.0
Received split include route 192.168.80.253/255.255.255.255
Received split include route 192.168.80.254/255.255.255.255
Received split exclude route 64.68.96.0/255.255.224.0
Received split exclude route 66.114.160.0/255.255.240.0
Received split exclude route 66.163.32.0/255.255.224.0
Received split exclude route 170.133.128.0/255.255.192.0
Received split exclude route 173.39.224.0/255.255.224.0
Received split exclude route 173.243.0.0/255.255.240.0
Received split exclude route 207.182.160.0/255.255.224.0
Received split exclude route 209.197.192.0/255.255.224.0
Received split exclude route 216.151.128.0/255.255.224.0
Received split exclude route 114.29.192.0/255.255.224.0
Received split exclude route 210.4.192.0/255.255.240.0
Received split exclude route 69.26.176.0/255.255.240.0
Received split exclude route 62.109.192.0/255.255.192.0
Received split exclude route 69.26.160.0/255.255.224.0
Received split exclude route 13.107.64.0/255.255.192.0
Received split exclude route 52.112.0.0/255.252.0.0
Received split exclude route 52.244.37.168/255.255.255.255
Received split exclude route 52.244.203.72/255.255.255.255
Received split exclude route 52.244.207.172/255.255.255.255
Received split exclude route 52.244.223.198/255.255.255.255
Received split exclude route 150.253.128.0/255.255.128.0
Received split exclude route 170.72.0.0/255.255.0.0