Re: Does openconnect support IPSec with EAP-MSCHAPv2 authentication?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 23, 2020 at 4:43 PM dan.mazz@xxxxxxxxx <dan.mazz@xxxxxxxxx> wrote:
>
> As much as I would like the share the capture, I'm not really sure I
> have the liberty of sharing it? As there could be private information
> contained within it. I know that makes this more difficult for me.

One approach is to try to put together an anonymized document that
describes the protocol abstractly, like I did here for GlobalProtect
as I was studying it:
https://github.com/dlenski/openconnect/blob/master/PAN_GlobalProtect_protocol_doc.md

The good news is that a lot of the information needed to add support
for Cisco IPSEC is probably right there in the headers of the CSTP
connection request/response which we already understand very well. Try
connect to your server with `openconnect --dump -vvvv`, and start
looking for HTTP headers that mention IPSEC or ESP.

It's all plain text at that point, so it should be quite
straightforward to identify and obfuscate anything that may be
sensitive (e.g. username, password, cookies, secret values).

Dan

_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux