Here's a script which does split-tunnelling on both IPv4 and IPv6 networks (based on the script Aditya K provided, which still allowed caused all IPv6 traffic to be routed to the VPN). Note also that the setting of CISCO_SPLIT_INC_${N}_MASK variables no longer appears to be needed):
#!/bin/bash
#
# Routes that we want to be used by the VPN link
ROUTES="162.73.0.0/16"
ROUTES6="1ef2:23e:5a4::0/48"
export CISCO_SPLIT_INC=0
# Create environment variables that vpnc-script uses to configure network
function addroute()
{
local ROUTE="$1"
export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=${ROUTE%%/*}
export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=${ROUTE##*/}
export CISCO_SPLIT_INC=$((${CISCO_SPLIT_INC}+1))
}
export CISCO_IPV6_SPLIT_INC=0
# Do the same for IPv6
function addroute6()
{
local ROUTE="$1"
local NET="${ROUTE%%/*}"
local MASKLEN="${ROUTE##*/}"
export CISCO_IPV6_SPLIT_INC_${CISCO_IPV6_SPLIT_INC}_ADDR=$NET
export CISCO_IPV6_SPLIT_INC_${CISCO_IPV6_SPLIT_INC}_MASKLEN=$MASKLEN
export CISCO_IPV6_SPLIT_INC=$((${CISCO_IPV6_SPLIT_INC}+1))
}
# Old function for generating NetworkManager 0.8 GConf keys
function translateroute ()
{
local IPADDR="${1%%/*}"
local MASKLEN="${1##*/}"
local OCTET1="$(echo $IPADDR | cut -f1 -d.)"
local OCTET2="$(echo $IPADDR | cut -f2 -d.)"
local OCTET3="$(echo $IPADDR | cut -f3 -d.)"
local OCTET4="$(echo $IPADDR | cut -f4 -d.)"
local NUMADDR=$(($OCTET1*16581375 + $OCTET2*65536 + $OCTET3*256 + $OCTET4))
local NUMADDR=$(($OCTET4*16581375 + $OCTET3*65536 + $OCTET2*256 + $OCTET1))
if [ "$ROUTESKEY" = "" ]; then
ROUTESKEY="$NUMADDR,$MASKLEN,0,0"
else
ROUTESKEY="$ROUTESKEY,$NUMADDR,$MASKLEN,0,0"
fi
}
if [ "$reason" = "make-nm-config" ]; then
echo "Put the following into the [ipv4] section in your NetworkManager config:"
echo "method=auto"
COUNT=1
for r in $ROUTES; do
echo "routes${COUNT}=${r%%/*};${r##*/};0.0.0.0;0;"
COUNT=$(($COUNT+1))
done
exit 0
fi
for r in $ROUTES; do
addroute $r
done
for r in $ROUTES6; do
addroute6 $r
done
exec /etc/openconnect/vpnc-script