Isn't ikev1 kind of being phased out? On April 19, 2019 5:58:40 PM UTC, Daniel Lenski <dlenski@xxxxxxxxx> wrote: >On Thu, Apr 18, 2019 at 5:04 PM David Woodhouse <dwmw2@xxxxxxxxxxxxx> >wrote: >> Junos Pulse (which we should support because it supports IPv6 and at >> some point they're doing to stop supporting the legacy NC protocol) >has >> something similar. Hence the hack checking for cert_md5 in >> http://david.woodhou.se/proxy.go > >Ah, nice. Do you have an OpenConnect branch with Pulse support? (Even >if crude and incomplete) Or some kind of protocol description? > >> We really ought to do IPSec support so we can obsolete vpnc. Our ESP >> support for AES-CBC-HMAC-SHA1 is *really* fast now on the 'perfhacks' >> branch... :) > >I know we've discussed this before and I've expressed some skepticism >about my ability to reimplement IPSEC (IKEv1) in a worthwhile way >given the huge variety of options and kludges and workarounds for >various IPSEC servers in vpnc. I personally only have access to one >(Cisco) VPN concentrator these days. > >Dan > >_______________________________________________ >openconnect-devel mailing list >openconnect-devel@xxxxxxxxxxxxxxxxxxx >http://lists.infradead.org/mailman/listinfo/openconnect-devel -- Sent from my mobile. Please excuse my brevity. _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
