Hey, Dan! Thanks for your reply, and I realize I wasn?t very specific. I?m using Palo Alto globalprotect protocol, not Cisco. > On Feb 4, 2019, at 6:18 PM, Daniel Lenski <dlenski at gmail.com> wrote: > >> On Mon, Feb 4, 2019 at 9:23 AM Phillips, Tony <tonyphillips at ti.com> wrote: >> >> I see various discussions through google results when searching for how to request a specific IP using OpenConnect. >> >> I've compiled openconnect-8.02 on RHEL7.5, but the --request-ip=x.x.x.x command dumps help instead. >> >> Is that actually not part of the code yet? > > This is a feature that I proposed implementing previously (you > probably found http://lists.infradead.org/pipermail/openconnect-devel/2017-November/004591.html). > It's questionable whether it can or will work broadly enough to be > useful, and not confusing. > > 1) Cisco AnyConnect servers *appeared at first to support it*. > Including "X-CSTP-Address: 1.2.3.4" as a *request* header for CONNECT > appeared to have the desired effect. However, we later tested other > Cisco AnyConnect servers where it didn't work. > 2) Juniper servers: no known way to request a specific address using > the Juniper NC protocol. > 3) GlobalProtect servers support it, and the official GlobalProtect > clients use it. Including "preferred-ip=1.2.3.4" in the getconfig > request basically does the trick. > > Patches to add the `--request-ip` option, IPv4 only: > http://lists.infradead.org/pipermail/openconnect-devel/2017-December/004638.html > I would be quite interested to know if it works for you with Cisco > servers. As mentioned above, there are at least *some* Cisco servers > which ignore it? > > Thanks, > Dan
