adding support for PAN Globalprotect (SSL+ESP) to Openconnect

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, 2016-11-06 at 13:55 -0800, Daniel Lenski wrote:
> As discussed last month
> (http://lists.infradead.org/pipermail/openconnect-devel/2016-October/004010.html),
> I've modified openconnect to support Globalprotect VPNs. This is an
> SSL+ESP VPN and it has been fairly straightforward to make Openconnect
> support it.
> 
> I've now been using it successfully for real work for several weeks
> and have a couple reports of successful use by others.
> 
> Is this a good point to submit patches to add GP support?
> 
> I was planning to break down my changes into two parts to make them
> easier to review. First, add *SSL-only* support for GP. This is a
> pretty self-contained change, requiring only two small patches to the
> rest of the OpenConnect code to work correctly:
> 
> - Handle IPv4 route specified as either 10.1.2.0/255.255.255.0 or 10.1.2.0/24:
>   http://lists.infradead.org/pipermail/openconnect-devel/2016-October/004039.html
> 
> - Unset got_cancel_cmd after reacting to it, as is already done for
> got_pause_cmd:
>   http://lists.infradead.org/pipermail/openconnect-devel/2016-October/004038.html

I've merged these and they'll be in the 7.08 release, which I'm working
on right now and?hoping to push?out today unless anything explodes.

I'm slightly reticent about merging new protocols but I think it makes
sense, and your submissions so far have reassured me that you'll do a
good job of maintaining it.

However, I think I do need to lumber you with an additional hurdle
before we merge your new protocol after 7.08 ? let's add a new API to
check whether libopenconnect supports a given protocol, or to enumerate
the protocols it supports. Currently it's just a hard-coded "if it's
7.05 or newer, it supports Juniper too", and I don't think we want that
to continue. Let's do something explicit instead, and things like
NetworkManager-openconnect can base their decisions on that.

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20161213/d8123ee0/attachment.bin>
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux