On Fri, 2019-04-05 at 17:31 +0300, Daniel Lenski wrote: > There doesn't seem to be much (if any) wiggle room in how the ESP > packets are formatted once the enc+MAC methods are specified, Hah. You say that, and yet as I try to make OpenConnect talk to the kernel's ESP implementation following on from my last email, I see that Wireshark (equipped with ESP keys and everything) can decode the kernel's traffic, and shows that it has padding and "next header" fields in the ESP, while what OpenConnect sends is the bare SPI/seq/IV that we know. So there's something else going on there. I wonder if I needed the UDP_ENCAP_NO_IKE variant...
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
