On Thu, Apr 18, 2019 at 5:04 PM David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote: > Junos Pulse (which we should support because it supports IPv6 and at > some point they're doing to stop supporting the legacy NC protocol) has > something similar. Hence the hack checking for cert_md5 in > http://david.woodhou.se/proxy.go Ah, nice. Do you have an OpenConnect branch with Pulse support? (Even if crude and incomplete) Or some kind of protocol description? > We really ought to do IPSec support so we can obsolete vpnc. Our ESP > support for AES-CBC-HMAC-SHA1 is *really* fast now on the 'perfhacks' > branch... :) I know we've discussed this before and I've expressed some skepticism about my ability to reimplement IPSEC (IKEv1) in a worthwhile way given the huge variety of options and kludges and workarounds for various IPSEC servers in vpnc. I personally only have access to one (Cisco) VPN concentrator these days. Dan _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
