On Sun, 2016-11-06 at 13:55 -0800, Daniel Lenski wrote: > As discussed last month > (http://lists.infradead.org/pipermail/openconnect-devel/2016-October/004010.html), > I've modified openconnect to support Globalprotect VPNs. This is an > SSL+ESP VPN and it has been fairly straightforward to make Openconnect > support it. > > I've now been using it successfully for real work for several weeks > and have a couple reports of successful use by others. > > Is this a good point to submit patches to add GP support? > > I was planning to break down my changes into two parts to make them > easier to review. First, add *SSL-only* support for GP. This is a > pretty self-contained change, requiring only two small patches to the > rest of the OpenConnect code to work correctly: > > - Handle IPv4 route specified as either 10.1.2.0/255.255.255.0 or 10.1.2.0/24: > http://lists.infradead.org/pipermail/openconnect-devel/2016-October/004039.html > > - Unset got_cancel_cmd after reacting to it, as is already done for > got_pause_cmd: > http://lists.infradead.org/pipermail/openconnect-devel/2016-October/004038.html I've merged these and they'll be in the 7.08 release, which I'm working on right now and?hoping to push?out today unless anything explodes. I'm slightly reticent about merging new protocols but I think it makes sense, and your submissions so far have reassured me that you'll do a good job of maintaining it. However, I think I do need to lumber you with an additional hurdle before we merge your new protocol after 7.08 ? let's add a new API to check whether libopenconnect supports a given protocol, or to enumerate the protocols it supports. Currently it's just a hard-coded "if it's 7.05 or newer, it supports Juniper too", and I don't think we want that to continue. Let's do something explicit instead, and things like NetworkManager-openconnect can base their decisions on that. -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5760 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20161213/d8123ee0/attachment.bin>