On Sat, 2016-10-08 at 01:52 -0500, Daniel Lenski wrote:
> Fair enough :-). It turns out that the stream format in this
> particular case is pretty simple, so I should quit my whining and/or
> whinging.

You don't *have* to stop whinging; I've been doing the Cisco protocol
for about 8 years now and I still haven't stopped whinging about that
(partly because they're still constrained by hardware to doing a
version of the DTLS protocol from before it was even standardised, and
I've had to *add* support for that variant to two crypto libraries).

And I added a whole new set of naughty words to my repertoire when I
did the Juniper protocol :)

> For some reason, the Windows client drops the tunnel connection after
> a few seconds of running it through a (non-transparent) proxy.
> It seems to get stupidly confused as soon as it changes the default route
> and thinks it has lost communication with the proxy.

Perhaps it preserves the specific route to the VPN server... but not to
the proxy? I've had a bug like that in the past...

When there's no proxy (and when the UDP channel is blocked and can't
establish), I assume it stays up?

> I'll start hacking on the OpenConnect code and will try to get the SSL
> tunnel working before ESP.

Great.

> I don't know what the getconfig XML will look like for an IPv6 network
> configuration. A few minutes of googling didn't turn up anything very
> useful.

Running 'strings' on the executable can often be enlightening. Failing
that though, it'll have to be Legacy IP only for now.

--
dwmw2