Added subnet routing support

.gitignore

@@ -0,0 +1 @@
+routes.txt

README.md

@@ -4,13 +4,14 @@ This script uses Openconnect to automatically connect to Cisco Anyconnect VPN se
 
 Server address, username, password and 2fa seed is stored in macOS keychain. Feel free to remove them and ask for user input instead.
 
-Additionaly routing for only specific subnets can be set up in `routing.sh`
+Additionaly routing for only specific subnets can be added in `routes.txt`
 
 ## Setup
 
 ```
 git clone this repo
 brew install openconnect
+brew install vpn-slice
 ```
 
 Add server address, username, password and 2fa seed in keychain with these names:
@@ -21,6 +22,8 @@ Add server address, username, password and 2fa seed in keychain with these names
 
 _For ease of use you can allow automatic keychain access to some of the attributs, but_ **do not allow automatic access to password and especially the 2fa seed**. _It will keep it in memory as long as the script is running._
 
+Rename routes.txt.sample to routes.txt or create an empty routes.txt and add subnets to be routed through VPN there.
+
 ## Usage
 
 ```

routes.txt.sample

@@ -0,0 +1,3 @@
+# Rename this file to routes.txt and add subnets to be routed through VPN here.
+# Add one subnet per line
+# Example: 192.168.15.0/24

routing.sh

@@ -1 +1,61 @@
 #!/bin/bash
+
+ROUTE_FILE=routes.txt
+
+VPN_SLICE=vpn-slice
+
+if ! command -v $VPN_SLICE &> /dev/null
+then
+    echo "$VPN_SLICE is not in path"
+
+    if test -f "/usr/local/Cellar/vpn-slice/0.15/bin/vpn-slice"; then
+        echo "Found vpn-slice elsewhere"
+        VPN_SLICE="/usr/local/Cellar/vpn-slice/0.15/bin/vpn-slice"
+    else
+        echo "Please make sure vpn-slice is in path"
+        exit
+    fi
+fi
+
+if [ "$reason" != "connect" ]; then
+  $VPN_SLICE
+  exit
+fi
+
+echo "Setting up routing"
+
+# Add subnet to list
+add_subnet ()
+{
+    IP=${1%/*}
+    S=${1#*/}
+    M=$(( 0xffffffff ^ ((1 << (32-S)) -1) ))
+    MASK="$(( (M>>24) & 0xff )).$(( (M>>16) & 0xff )).$(( (M>>8) & 0xff )).$(( M & 0xff ))"
+	export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=$IP
+    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASK=$MASK
+    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=$S
+    export CISCO_SPLIT_INC=$(($CISCO_SPLIT_INC + 1))
+
+    echo "Adding subnet $IP with mask $MASK to list"
+}
+
+# Initialize empty split tunnel list
+export CISCO_SPLIT_INC=0
+
+# Delete DNS info provided by VPN server to use internet DNS
+# Comment following line to use DNS beyond VPN tunnel
+unset INTERNAL_IP4_DNS
+
+if test -f "$ROUTE_FILE"; then
+    echo "Loading subnets from $ROUTE_FILE"
+    while read p; do
+        case "$p" in \#*) continue ;; esac
+        add_subnet $p
+    done <$ROUTE_FILE
+
+else
+    echo "$ROUTE_FILE does not exist. This should not happen."
+fi
+
+# Load default script
+$VPN_SLICE -S

run-vpn.sh

@@ -6,6 +6,10 @@ SEED=$(security find-generic-password -l "Openconnect TOTP Seed" -w)
 PASSWORD=$(security find-generic-password -l "Openconnect Account Password" -w)
 
 
+SCRIPT=`realpath $0`
+SCRIPTPATH=`dirname $SCRIPT`
+ROUTE_FILE=routes.txt
+
 # trap ctrl-c and call ctrl_c()
 trap ctrl_c INT
 
@@ -15,13 +19,20 @@ function ctrl_c() {
   exit
 }
 
+SCRIPT_INCLUDE=""
+
 while true; do
   echo "Connecting to VPN"
 
+  if test -f "$ROUTE_FILE"; then
+    SCRIPT_INCLUDE="--script=\"$SCRIPTPATH/routing.sh\""
+  fi
+
   echo $PASSWORD | sudo openconnect \
     --csd-wrapper hostscan-bypass.sh \
     --passwd-on-stdin \
     --os=mac-intel \
+    $SCRIPT_INCLUDE \
     --token-mode=totp \
     --token-secret=sha1:base32:$SEED \
     -u $USERNAME \