On Thu, Apr 18, 2019 at 5:04 PM David Woodhouse <[email protected]> wrote: > Junos Pulse (which we should support because it supports IPv6 and at > some point they're doing to stop supporting the legacy NC protocol) has > something similar. Hence the hack checking for cert_md5 in > http://david.woodhou.se/proxy.go
Ah, nice. Do you have an OpenConnect branch with Pulse support? (Even if crude and incomplete) Or some kind of protocol description? > We really ought to do IPSec support so we can obsolete vpnc. Our ESP > support for AES-CBC-HMAC-SHA1 is *really* fast now on the 'perfhacks' > branch... :) I know we've discussed this before and I've expressed some skepticism about my ability to reimplement IPSEC (IKEv1) in a worthwhile way given the huge variety of options and kludges and workarounds for various IPSEC servers in vpnc. I personally only have access to one (Cisco) VPN concentrator these days. Dan _______________________________________________ openconnect-devel mailing list [email protected] http://lists.infradead.org/mailman/listinfo/openconnect-devel
