On Thu, 2015-01-01 at 10:29 +0000, David Woodhouse wrote: > > So I think I'd be happy enough to look at abstracting out the specific > SSL VPN protocol parts and making OpenConnect support multiple > protocols. The main sticking point is that we actually need some > details > about *how* those other SSL VPN protocols works. It looks like the Juniper one actually works fairly similarly to AnyConnect ? an authentication stage that results in a cookie, followed by actually making the connection using that cookie. The authentication part has even been implemented in open source at https://smallhacks.wordpress.com/2012/07/15/jvpn-perl-script-to-connect-to-the-juniper-vpn-with-host-checker-enabled/ For the VPN connection itself, I've thrown together an untested prototype: http://git.infradead.org/users/dwmw2/openconnect-juniper.git It didn't take that much work to abstract out the Cisco protocol bits from the generic VPN support in OpenConnect. Once the dust has settled and we have things working, I'll take a closer look at whether it could be done more cleanly than my initial attempt. -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150119/b1896e25/attachment.bin>