Hey, Dan! Thanks for your reply, and I realize I wasn’t very specific.
I’m using Palo Alto globalprotect protocol, not Cisco. > On Feb 4, 2019, at 6:18 PM, Daniel Lenski <[email protected]> wrote: > >> On Mon, Feb 4, 2019 at 9:23 AM Phillips, Tony <[email protected]> wrote: >> >> I see various discussions through google results when searching for how to >> request a specific IP using OpenConnect. >> >> I've compiled openconnect-8.02 on RHEL7.5, but the --request-ip=x.x.x.x >> command dumps help instead. >> >> Is that actually not part of the code yet? > > This is a feature that I proposed implementing previously (you > probably found > http://lists.infradead.org/pipermail/openconnect-devel/2017-November/004591.html). > It's questionable whether it can or will work broadly enough to be > useful, and not confusing. > > 1) Cisco AnyConnect servers *appeared at first to support it*. > Including "X-CSTP-Address: 1.2.3.4" as a *request* header for CONNECT > appeared to have the desired effect. However, we later tested other > Cisco AnyConnect servers where it didn't work. > 2) Juniper servers: no known way to request a specific address using > the Juniper NC protocol. > 3) GlobalProtect servers support it, and the official GlobalProtect > clients use it. Including "preferred-ip=1.2.3.4" in the getconfig > request basically does the trick. > > Patches to add the `--request-ip` option, IPv4 only: > http://lists.infradead.org/pipermail/openconnect-devel/2017-December/004638.html > I would be quite interested to know if it works for you with Cisco > servers. As mentioned above, there are at least *some* Cisco servers > which ignore it… > > Thanks, > Dan _______________________________________________ openconnect-devel mailing list [email protected] http://lists.infradead.org/mailman/listinfo/openconnect-devel
