Launching the Openconnect AMI Image
- Launch an EC2 instance from the AMIs console in the EC2 Dashboard.
- Choose the instance type and storage options.
- Create (or select) an SSH key pair for remote login.
- Create a security group that allows inbound TCP port 22 (SSH) only from the source address you will connect from; do not open it to 0.0.0.0/0.
Connection to GlobalProtect VPN with Openconnect
- Connect to the running EC2 instance over SSH.
- Launch openconnect, replacing <server> with the GlobalProtect portal or gateway hostname:
sudo openconnect --protocol=gp <server>
openconnect prompts for the username and password. If the gateway's certificate does not chain to a CA the instance trusts, it also asks whether to accept it; verify the fingerprint through another channel before answering yes, and pin it on later runs with --servercert using the value openconnect prints.
Split tunnel connection to GlobalProtect VPN with Openconnect (Advanced)
- Configure the split tunnel with the vpnc-script wrapper below. Save it as /etc/vpnc/vpnc-script-corp-split (the path used in the command below) and make it executable. Edit the add_ip line with the IP address of the server that should be reachable through the tunnel; add one add_ip line per address. Only the listed addresses are routed through the VPN. Everything else, including DNS queries, leaves the instance directly, and because the script unsets INTERNAL_IP4_DNS, internal hostnames will not resolve unless you use an address or keep the VPN's DNS servers. The wrapper overrides whatever routing the gateway pushed, so this is a deliberate bypass of the gateway's policy: traffic to anything not listed is not protected by the tunnel.
#!/bin/sh
# List of parameters passed through environment
#* INTERNAL_IP4_DNS -- list of dns servers
#* CISCO_SPLIT_INC -- number of networks in split-network-list
#* CISCO_SPLIT_INC_%d_ADDR -- network address
#* CISCO_SPLIT_INC_%d_MASK -- subnet mask (for example: 255.255.255.0)
#* CISCO_SPLIT_INC_%d_MASKLEN -- subnet masklen (for example: 24)

# Add one host (/32) to the split tunnel list
add_ip () {
    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=$1
    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASK=255.255.255.255
    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=32
    export CISCO_SPLIT_INC=$(($CISCO_SPLIT_INC + 1))
}

# Initialize empty split tunnel list
export CISCO_SPLIT_INC=0

# Drop the DNS servers pushed by the VPN so the instance keeps using its
# normal resolver. Comment out the next line to use the VPN's DNS instead.
unset INTERNAL_IP4_DNS

# List of IPs reached through the VPN tunnel
add_ip 10.0.0.15 # test.example.com

# Hand off to the stock script, which installs the routes
. /etc/vpnc/vpnc-script
# End of script
Then start openconnect pointing at the wrapper. openconnect runs it in place of /etc/vpnc/vpnc-script, and the wrapper calls the stock script after adjusting the environment:
sudo openconnect --protocol=gp --script=/etc/vpnc/vpnc-script-corp-split <server>
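As an added example, not code from the original page or from the OpenConnect project, the helper below generalises the page's add_ip to CIDR prefixes. add_net accepts either a bare address (treated as /32, exactly like add_ip) or A.B.C.D/N, validates the address, derives the dotted mask that vpnc-script reads from CISCO_SPLIT_INC_%d_MASK, and show_split_list prints the resulting table so the list can be checked before connecting. The function names add_net, valid_ipv4, masklen_to_mask and show_split_list are this example's own, and the two entries at the bottom (10.0.0.15 and 10.10.0.0/16) are constructed sample input. openconnect sets $reason when it invokes the script, so the final block hands off to the stock vpnc-script only in that case and just prints the list when run by hand.

```shell
#!/bin/sh
# Added example: CIDR-aware split-include helper for a custom vpnc-script.
# Not from the original page; add_net/valid_ipv4/masklen_to_mask/show_split_list
# are names chosen here. Sample entries at the bottom are constructed.

# Convert a prefix length (0-32) to a dotted-quad mask, e.g. 24 -> 255.255.255.0
masklen_to_mask() {
    len=$1
    case "$len" in
        ''|*[!0-9]*) echo "bad prefix length: $len" >&2; return 1 ;;
    esac
    [ "$len" -le 32 ] || { echo "bad prefix length: $len" >&2; return 1; }
    mask=""
    i=0
    while [ $i -lt 4 ]; do
        if [ "$len" -ge 8 ]; then
            octet=255
        elif [ "$len" -le 0 ]; then
            octet=0
        else
            # the high $len bits of this octet set: 256 - 2^(8-len)
            octet=$((256 - (1 << (8 - len))))
        fi
        mask="${mask}${mask:+.}${octet}"
        len=$((len - 8))
        i=$((i + 1))
    done
    echo "$mask"
}

# Return 0 only for a dotted quad with four octets, each in 0-255
valid_ipv4() {
    ip=$1
    case "$ip" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digits, empty octets
    esac
    oldifs=$IFS; IFS=.
    set -- $ip
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Register one host or network. "A.B.C.D" is treated as /32 (like the page's
# add_ip); "A.B.C.D/N" registers the whole prefix.
add_net() {
    spec=$1
    case "$spec" in
        */*) addr=${spec%/*}; len=${spec#*/} ;;
        *)   addr=$spec; len=32 ;;
    esac
    valid_ipv4 "$addr" || { echo "bad address: $spec" >&2; return 1; }
    mask=$(masklen_to_mask "$len") || return 1
    export "CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=$addr"
    export "CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASK=$mask"
    export "CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=$len"
    export CISCO_SPLIT_INC=$((CISCO_SPLIT_INC + 1))
}

# Print the list the way vpnc-script iterates it: "ADDR MASK MASKLEN" per entry
show_split_list() {
    i=0
    while [ "$i" -lt "${CISCO_SPLIT_INC:-0}" ]; do
        eval "a=\$CISCO_SPLIT_INC_${i}_ADDR; m=\$CISCO_SPLIT_INC_${i}_MASK; l=\$CISCO_SPLIT_INC_${i}_MASKLEN"
        printf '%s %s %s\n' "$a" "$m" "$l"
        i=$((i + 1))
    done
}

export CISCO_SPLIT_INC=0
unset INTERNAL_IP4_DNS          # keep the instance's own resolver, as on the page

# Constructed sample entries: one host and one internal network
add_net 10.0.0.15               # single host, /32
add_net 10.10.0.0/16            # whole internal subnet via the tunnel

# openconnect sets $reason (pre-init, connect, disconnect, ...) when it runs
# the script; only then hand off to the stock vpnc-script. Run by hand, just
# show what would be routed through the tunnel.
if [ -n "$reason" ] && [ -r /etc/vpnc/vpnc-script ]; then
    . /etc/vpnc/vpnc-script
else
    show_split_list
fi
```

Run it by hand first (sh vpnc-script-corp-split) and confirm the printed table contains exactly the networks you intend to send through the tunnel; a typo in a prefix length silently widens or narrows what the gateway sees.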