From 9a06eb77eae0622edd5936ccaddc4539e2d722cc Mon Sep 17 00:00:00 2001
From: Romain Gallet
Date: Fri, 28 Jun 2024 12:38:43 +0200
Subject: [PATCH 1/2] NOJ - Updated script with warning message.

---
 build-aux/scripts/split.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/build-aux/scripts/split.sh b/build-aux/scripts/split.sh
index ddd5f12..041bb44 100644
--- a/build-aux/scripts/split.sh
+++ b/build-aux/scripts/split.sh
@@ -1,5 +1,7 @@
 #!/usr/bin/env bash
+# THIS SCRIPT IS PART OF gohip. DO NOT MODIFY IT UNLESS YOU KNOW WHAT YOU ARE DOING.
+
 
 set -e
 
 CONFIG_FILE=/etc/vpnc/splitvpn
@@ -22,11 +24,11 @@ fi
 
 . $CONFIG_FILE
 
-DISNEY_NET="10/8"
+VPN_NET="10/8"
 VPN_DEV="tun0"
 
 ip route del default
 ip route add default via $GW dev $MAIN_DEV
-ip route add $DISNEY_NET dev $VPN_DEV
+ip route add $VPN_NET dev $VPN_DEV
 
 exit 0

From 0f1059940c4e96a1d8aa4c2470b4d9521499e6a3 Mon Sep 17 00:00:00 2001
From: Romain Gallet
Date: Fri, 28 Jun 2024 12:45:30 +0200
Subject: [PATCH 2/2] NOJ - Updated script with warning message.

---
 README.md | 19 ++++++++++---------
 build-aux/scripts/split.sh | 4 ++--
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/README.md b/README.md
index b4784ed..198fbd4 100644
--- a/README.md
+++ b/README.md
@@ -3,10 +3,12 @@ gohip
 
 The HIP ( `Host Integrity Protection`) mechanism is a security scanner for the Palo Alto Networks GlobalProtect VPNs, in the same vein as Cisco's CSD and Juniper's Host Checker ([source](https://www.infradead.org/openconnect/hip.html)).
 
-# Install
+# Installation
 
 Download and install `gohip` from the [releases page](https://github.com/bechampion/gohip/releases).
 
+The packaged version will drop a file in `/etc/vpnc/post-connect.d/split.sh`. If you opted to install the binary manually, you can create this file manually should you want to use the _splitvpn_ feature.
+
 # Usage
 
 Create file `/etc/vpnc/splitvpn` with the following content:
@@ -24,16 +26,15 @@ Then start the vpn client with
 
 # Using your default browser (so creds are remembered , hsm etc)
 
-You can pass `--default-browser` to gpclient is your in version `2.3.2` at least , and that should open on what xdg-config says
-```
-sudo -E gpclient connect --hip --csd-wrapper /home/jgarcia/Projects/disney/xgohip iad1gwavo.gp.disneystreaming.com --default-browser
-```
+You can pass `--default-browser` to `gpclient` if your in version `2.3.2` at least, and that should open on what `xdg-config` says
+
+    sudo -E gpclient connect --hip --csd-wrapper /path/to/gohip vpn.endpoint.com --default-browser
+
 To set your default browser you can do
-```
-xdg-settings set default-web-browser firefox.desktop
-```
+
+    xdg-settings set default-web-browser firefox.desktop
 
 ## Notes
 
-If you use firefox/chrome from snaps this will not work , gpclient drops a file on `/tmp` that needs to be reachable by the browser and that doesn't work with snaps
+If you use firefox/chrome from snaps this will not work, gpclient drops a file on `/tmp` that needs to be reachable by the browser and that doesn't work with snaps
 
diff --git a/build-aux/scripts/split.sh b/build-aux/scripts/split.sh
index 041bb44..5e51205 100644
--- a/build-aux/scripts/split.sh
+++ b/build-aux/scripts/split.sh
@@ -22,11 +22,11 @@ EOF
 exit 0
 fi
 
-. $CONFIG_FILE
-
 VPN_NET="10/8"
 VPN_DEV="tun0"
 
+. $CONFIG_FILE
+
 ip route del default
 ip route add default via $GW dev $MAIN_DEV
 ip route add $VPN_NET dev $VPN_DEV
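Review bot: `ip route del default` still runs before anything checks that the sourced config defined `GW` and `MAIN_DEV`; with `. $CONFIG_FILE` now the last step before the route changes, a config that omits either variable makes the following `ip route add default via $GW dev $MAIN_DEV` fail under `set -e` only after the default route is already gone, leaving the host with no default route. Add a guard right after the source line and before the delete, `: "${GW:?GW not set in $CONFIG_FILE}" "${MAIN_DEV:?MAIN_DEV not set in $CONFIG_FILE}"`, or fold the delete/add pair into `ip route replace default via "$GW" dev "$MAIN_DEV"` so the old route is only dropped when the new one can be installed. Sourcing `$CONFIG_FILE` executes whatever shell it contains with this script's privileges (the `ip route` calls suggest a privileged context), so it is worth verifying the ownership and write permissions of `/etc/vpnc/splitvpn` before sourcing it, and quoting the expansions (`. "$CONFIG_FILE"`, `"$VPN_NET"`, `"$VPN_DEV"`) since the values now come from that file. The `exit 0`/`fi` at the top of the hunk close an `if` whose opening lies outside the hunk.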