On Jun 24, 2017 2:52 PM, "David Woodhouse" <dwmw2 at infradead.org> wrote: > On Sat, 2017-06-24 at 22:58 +0200, Geert Stappers wrote: > > > > > > I do understand that I missed it previously _and_ shouldn't have to :-/ > > If you're saying you shouldn't have to specify the protocol... yeah, I > can sympathise with that. We should implement autodetection. I am still up for writing the autodetect, but would like to know if you have any strong opinions about the interface. My ideas: - openconnect should try to autodetect the VPN type if --protocol is not explicitly specified, and should short-circuit out and continue as soon as vpninfo->proto->autodetect(vpninfo) confirms support for some protocol - autodetect functions should use HTTPS and leave the connection in a keep-alive state where it can continue - autodetect functions should just hit a single web page and see if it returns an expected result for that protocol. - autodetect should not depend on login credentials, certificates, etc. in any way - the output of the --authenticate option should set a PROTOCOL variable (in addition to HOST, COOKIE, FINGERPRINT) How's that? -Dan
