On Wed, 2014-02-26 at 10:02 +0000, Tomas Moser wrote: > > Does OpenConnect support IPv6 split tunneling feature or not? If not > when do you expect it will? I do not understand changelog clearly - > http://www.infradead.org/openconnect/changelog.html. Yes, it does. The recent commit you see in the changelog? basically just sends the extra header which *requests* a split tunnel config from the ASA. Without that, the server wouldn't send the right routing information. I'm guessing they did that because Cisco's own client wasn't capable of doing things properly in the past so it needs an explicit request from a newer client to enable it. OpenConnect and vpnc-script have supported split tunnels ever since IPv6 support was added though ? it never made any sense to do a half-arsed job and *not* make it work the same as Legacy IP. It's just that we didn't realise that we needed to explicitly *tell* the server we weren't brain-dead. > Our customer wants to buy Cisco ASA platform but strictly insists on > AnyConnect supporting IPv6 on Linux platform. Cisco states there is > NO IPv6 support at all in the latest AnyConnect release 3.1.x for > Linux. I am looking for an alternative solution. Cisco's own client is worse than just not supporting IPv6. It actually *crashes*, in a *setuid* executable (vpnagentd) if you happen to have an IPv6 address on a local Ethernet interface when you start it up. I didn't look to see if it was exploitable like their tmpfile races used to be when I first started on OpenConnect; when it comes to Cisco's crappy clients I really am beyond caring these days. > Is there any document summarizing OpenConnect IPv6 support for > different platforms? This is the 21st century. Any platform mentioned at http://www.infradead.org/openconnect/platforms.html has been tested with IPv6 and not just Legacy IP. What kind of Luddites do you think we are? :) -- dwmw2 ? http://git.infradead.org/users/dwmw2/openconnect.git/commit/e9b90e7b3 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20140303/d9abee26/attachment.bin>
