OpenWrt Forum Archive

Topic: openwrt handles vpn routing incorrectly over full tunnel configuration

The content of this topic has been archived on 4 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

OpenWRT Version v15.05.01 (Openconnect Version 7.06-3) --> Cisco ASA Version 9.2.4

I have set up an openconnect interface on my device pointing to my SSL appliance (ASA5505). It all works if I leave "use default route" unchecked on the VPN interface, i.e. split tunneling works fine.

If I check "use default route" for the VPN interface, I get no connectivity anywhere. I am not even seeing the SSL packets going out the WAN interface.

What do I need to do?

Is the thread title slightly biased? Might the complication lie elsewhere (mmm, OpenConnect)?

If the thread title is biased, I apologize. As the routing of packets is handled by the openwrt stack, I truly believe it to be an openwrt issue or configuration issue.

I am hoping the fault is mine; I just need ideas on how to fix this.

Regards,
Randy

rwyatt wrote:

As the routing of packets is handled by the openwrt stack, ...

Incorrect. Linux stack.

rwyatt wrote:

If the thread title is biased, I apologize. As the routing of packets is handled by the openwrt stack, I truly believe it to be an openwrt issue or configuration issue.

I am hoping the fault is mine; I just need ideas on how to fix this.

Regards,
Randy

Randy,

Max Hopper tries hard to act like a troll in this forum, please "ignore" all his responses that are not meaningfully related to your question. For reasons only known to him, he mostly does what he showed in this thread: trying to find an "inaccuracy" or small wrong detail in a post and then responding to that. That is a pity, as I am sure that if he wanted he could be an actual help here in the forum. What somewhat puzzles me though is the reference to "courtesy" in his signature; I am not sure he fully understands that concept (as judged from his often terse, to the limit of hostility, worded posts), but I digress.
        Regarding your actual question, I believe that openconnect uses a script (often called vpnc-script or so, see http://www.infradead.org/openconnect/building.html and http://www.infradead.org/openconnect/vpnc-script.html ) to handle the routing changes; maybe that script has issues with your configuration? I believe that at least for non-openwrt linux distributions the newer vpnc-script from the openconnect link works a bit better than the original one from vpnc, maybe replacing that script will also help on openwrt. Finally, I would try to contact Nikos Mavrogiannopoulos (https://github.com/nmav) who maintains the openconnect package for openwrt; maybe he can help you debug things.

Best Regards
        M.
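A quick way to check what the routing script left behind after a full-tunnel connect, as an added example that is not part of any post in this thread: vpnc-script is expected to first add a host route to the VPN gateway via the original WAN gateway and only then move the default route onto the tun device; if the host route is missing, the TLS transport itself is routed into the tunnel and nothing leaves the WAN, which matches the symptom above. The function below inspects `ip -4 route show` output for exactly those two routes; the addresses and interface names are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the thread: sanity-check the Linux routing table that a
# full-tunnel OpenConnect session should leave behind. Two routes are required:
#   1. a host route to the VPN gateway that does NOT go over the tunnel device
#   2. a default route that points at the tunnel device
# Usage: check_full_tunnel_routes <vpn_gateway_ip> <tun_dev> "<output of ip -4 route show>"
check_full_tunnel_routes() {
    gw="$1"; tun="$2"; routes="$3"
    rc=0
    # 1. host route for the VPN gateway must exist and must bypass the tunnel
    host_route=$(printf '%s\n' "$routes" | grep -E "^$gw(/32)? ")
    if [ -z "$host_route" ]; then
        echo "MISSING: host route to VPN gateway $gw (transport would be routed into the tunnel)"
        rc=1
    elif printf '%s\n' "$host_route" | grep -q " dev $tun"; then
        echo "BAD: host route to $gw goes via $tun (tunnel would carry its own transport)"
        rc=1
    fi
    # 2. default route must point at the tun device
    if ! printf '%s\n' "$routes" | grep -E '^default ' | grep -q " dev $tun"; then
        echo "MISSING: default route via $tun"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: full-tunnel routes look sane"
    return "$rc"
}

# Constructed sample route tables (hypothetical addresses and interface names).
# GOOD: host route to the gateway via the WAN next hop, default via tun0.
GOOD_ROUTES='default dev tun0 scope link
203.0.113.10 via 192.0.2.1 dev eth0.2
192.0.2.0/24 dev eth0.2 proto kernel scope link src 192.0.2.50
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1'

# BROKEN: default moved to tun0 but no host route for the gateway was added.
BROKEN_ROUTES='default dev tun0 scope link
192.0.2.0/24 dev eth0.2 proto kernel scope link src 192.0.2.50
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1'
```

On the router itself, run it as `check_full_tunnel_routes <gateway-ip> tun0 "$(ip -4 route show)"` right after the VPN interface comes up.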

12 hours before moeller0 wrote:

Finally, I would try to contact Nikos Mavrogiannopoulos (https://github.com/nmav) who maintains the openconnect package for openwrt; maybe he can help you debug things.

Max Hopper helpfully wrote:

Might the complication lie elsewhere (mmm, OpenConnect)?

Max Hopper wrote:
12 hours before moeller0 wrote:

Finally, I would try to contact Nikos Mavrogiannopoulos (https://github.com/nmav) who maintains the openconnect package for openwrt; maybe he can help you debug things.

Max Hopper helpfully wrote:

Might the complication lie elsewhere (mmm, OpenConnect)?

@Max this is a prime example of the reason why most of your posts stick out like a sore post in this forum: your unwillingness to actually verbalize your thoughts in a way that can be easily parsed by other communication partners. I would humbly recommend you to read "When what you type isn't what they read: The perseverance of stereotypes and expectancies over e-mail" (http://faculty.chicagobooth.edu/nichola … kruger.pdf) and "Egocentrism over e-mail: can we communicate as well as we think?" (http://faculty.chicagobooth.edu/nichola … etal05.pdf). Spoiler alert: "people tend to believe that they can communicate over e-mail more effectively than they actually can".
        But to not let you "guess" why I consider my response in this thread slightly better than yours: it is the specificity. Unlike you, I took the time to figure out who maintains the openconnect package for openwrt and included a link, while you (trying to be succinct?) left things too vague... just following the openconnect pointer will lead you to http://www.infradead.org/openconnect/ and not the openwrt port/package... But I guess we might need to agree to disagree here; the reason why I respond at all is that I really dislike your hostility towards posters in this forum, and I do not want this forum to slowly turn unpleasant and the demeanor toxic...

Best Regards
        M.

moeller0 wrote:

... I took the time to figure out who maintains the openconnect package for openwrt ...

Wherein the intelligence and capability of OPers is disregarded. That OpenWrt is installed to fulfill a requirement with which OEM software is incapable implies creativity that mollycoddling represses.

Max Hopper wrote:
moeller0 wrote:

... I took the time to figure out who maintains the openconnect package for openwrt ...

Wherein the intelligence and capability of OPers is disregarded. That OpenWrt is installed to fulfill a requirement with which OEM software is incapable implies creativity that mollycoddling represses.

According to that logic you might not want to respond at all, since that obviously interferes even less with the OP's creativity... Now, there are some that would argue that people that post a question in a forum might be more interested in a specific answer than having their "creativity" tickled...
        But this confirms my impression that your forum behavior follows some "philosophical" world view... do you really think (most of) your posts actually increase the signal to noise ratio in the openwrt forum?

Regards
        M.

Corrected some typos and verbiage.

(Last edited by moeller0 on 13 May 2016, 09:01)

@moeller0 - rather a personal philosophy of self-reliance and learning, attributes which are broadly valued above instant gratification. The 'just tell me' posters become self-deluded in believing they have acquired subject matter mastery. 'Give back' posts of OPers after garnering knowledge before succeeding are prima facie evidence that encouraging understanding through research, however terse the encouragement, is helpful.

Max Hopper wrote:

@moeller0 - rather a personal philosophy of self-reliance and learning, attributes which are broadly valued above instant gratification. The 'just tell me' posters become self-deluded in believing they have acquired subject matter mastery. 'Give back' posts of OPers after garnering knowledge before succeeding are prima facie evidence that encouraging understanding through research, however terse the encouragement, is helpful.

Either this, or you are just great at rationalizing troll-like behavior. I remember at least one occasion where you obviously had no clue about the OP's question but did not let that get in your way when posting cryptic/terse "puzzles"; I guess, to each his own.
        What you (attempt to) practice is the "give a man a fish (and you will feed him for a day)" vs "teach a man to fish (and you feed him for a lifetime)" approach, except that you do not yet excel at the teaching part in my opinion... And I believe you are over-rating your own influence/leverage on people in the forums; from my perspective you mostly manage to scare/annoy posters away, who probably often leave the openwrt forums without an answer to their question but with the idea that all of us are behaving like "jerks".
        But thanks for explaining your rationale/justification for the behavior; I thus realize I will not be able to convince you to soften your approach (just as I hope I will not resort to your open unfriendliness)...
        I will probably continue to occasionally try to step in when I have the feeling you are "mis-treating" innocent posters; I can be just as stubborn/dedicated as you.

Best Regards
        M.
