On Wed, 2012-01-04 at 19:37 -0500, KEN YAP wrote:
> I'm sure this must have been asked before, but is there an open source
> anyconnect *server* complementing openconnect client? I couldn't find
> anything with a search. This protocol is easier to deploy than openvpn
> due to the ability to tunnel via https. Is the protocol patent
> encumbered by Cisco or something like that?

I don't believe there are any patents covering the protocol. Even in the corrupt and widely-abused US patent system, there's nothing in it that could be patentable - it's all *entirely* obvious and trivial.

At http://redmine.lighttpd.net/issues/2060 there is a patch to lighttpd which makes it support the CONNECT request that the AnyConnect protocol uses to make the actual connection.

The other interesting part for the VPN itself is making sure OpenSSL can support the speshul non-standard version of DTLS that Cisco uses, in server mode as well as client mode.

Then it's just a matter of hooking up the authentication parts with forms and cert checking as required, and issuing IP addresses. You'll probably end up wanting to make it talk RADIUS.

I do have a dirty hack which I use for testing, but it's not even worth sharing. It addresses none of the real issues that you'll have; it's just a simple loop spawned from inetd, which checks for a hard-coded cookie and then just opens a pre-configured tun device and passes packets back and forth.

--
dwmw2