AnyConnect 3.0 for os x $ strings /opt/cisco/anyconnect/lib/libvpnagentutilities.dylib |grep X-CSTP X-CSTP-Version: X-CSTP-Address: X-CSTP-Netmask: X-CSTP-DNS: X-CSTP-NBNS: X-CSTP-Lease-Duration: X-CSTP-Default-Domain: X-CSTP-Split-Include: X-CSTP-Split-Exclude: X-CSTP-Split-DNS: X-CSTP-Keep: X-CSTP-Rekey-Time: X-CSTP-Rekey-Method: X-CSTP-Homepage: X-CSTP-DPD: X-CSTP-Keepalive: X-CSTP-MSIE-Proxy: X-CSTP-MSIE-Proxy-Server: X-CSTP-MSIE-Proxy-HTTP: X-CSTP-MSIE-Proxy-Secure: X-CSTP-MSIE-Proxy-FTP: X-CSTP-MSIE-Proxy-Gopher: X-CSTP-MSIE-Proxy-Socks: X-CSTP-MSIE-Proxy-Exception: X-CSTP-MSIE-Proxy-PAC-URL: X-CSTP-MSIE-Proxy-Lockdown: X-CSTP-Content-Encoding: X-CSTP-MTU: X-CSTP-Smartcard-Removal-Disconnect: X-CSTP-License: X-CSTP-Idle-Timeout: X-CSTP-Session-Timeout: X-CSTP-Disconnected-Timeout: X-CSTP-FW-Rule: X-CSTP-MUS-Host: X-CSTP-DAP-User-Message: X-CSTP-Disable-Always-On-VPN: X-CSTP-Quarantine: X-CSTP-Routing-Filtering-Ignore: X-CSTP-Tunnel-All-DNS: X-CSTP-Post-Auth-XML: I'll try ida pro after work. sskaje at gmail.com https://sskaje.me/ On Tue, Dec 30, 2014 at 6:18 PM, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote: > On Tue, 2014-12-30 at 13:50 +0800, sskaje wrote: >> I tried the latest commits, IPv6 address is successfully assigned to >> clients, but not the route. >> >> If no route is set, a 0:0:0:0:0:0:0:0/128 can be found in anyconnect, >> if any route like route = 2001::/16, connection fails. > > If the full IP6 is not negotiated, then the IPv6 routes get in the > header "X-CSTP-Split-Include:". As you describe the anyconnect client > doesn't seem to understand that. > > David's commit at: > http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/e9b90e7b > seem to suggest that there is no route passing in that case. I'm > wondering whether that client would be able to parse a custom header of > "X-CSTP-Split-Include-IP6". If that doesn't work we'll have to figure > out how and if an anyconnect server is able to send such routes. > > regards, > Nikos > >
