On Wed, Oct 21, 2020 at 2:31 PM Beau Barker <bbar...@karasent.com> wrote:
>
> Is it possible to change the interface mode to TAP?

No. Even if OpenConnect (the client software) wanted to support this TAP/Layer2 mode, there is no compatible server (Cisco or ocserv) which supports such a mode.

See https://lists.infradead.org/pipermail/openconnect-devel/2015-February/002774.html and https://www.mail-archive.com/openconnect-devel@lists.infradead.org/msg01071.html for more discussion.

> I have a device that needs to connect to a remote server via VPN tunnel. The
> device cannot establish a VPN connection on its own and it reports the IP
> address it is assigned to the server for communication.

That's generally a bad protocol design, to send IP information at the application layer and rely on being able to communicate back to the same IP, or expecting it to match the incoming IP. I thought those kinds of protocols were mostly fixed or replaced in the 90s/00s, when IPv4 NAT became pervasive…?

> I have configured a Raspberry PI to establish the VPN tunnel and forward
> traffic in NAT mode, but that isn't good enough since the device reports its
> private IP address.

It should be possible to trick/torture the device into thinking that it has the same IP address as the Raspberry PI itself, by using iptables address-rewriting rules and such.