On Wed, 2012-11-14 at 23:02 +1300, Dave Koelmeyer wrote: > Thanks for your reply, that gives me something to start with. Looking at > the logs generated by QuickVPN it certainly seems to suggest that the > initial connection at least is made over HTTPS. My core question then is > if OpenConnect is potentially a solution for this, or am I barking up > the wrong tree and should look at vpnc, for example? It's too early to tell. I think a tcpdump of an active connection has indicated that IPSec was being used ? so it may well end up being a wrapper around vpnc or an extension to vpnc to make it do the initial HTTPS negotiation. Or it might *sometimes* negotiate to use IPSec, and sometimes do something else over the SSL connection ? in which case maybe we'd extend OpenConnect to do it, but to invoke vpnc where needed. Or something like that. But work out what it's doing first, and then we can debate how best to implement it. -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 6171 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20121114/e67400de/attachment-0001.bin>
