Dear David, Thanks for the reply.
So it is like an SSL VPN with data encapsulated into HTTP packets, but I don't get how HTTP runs over UDP.

Kind regards
GLG

2009/1/24 David Woodhouse <dw...@infradead.org>
> On Sat, 2009-01-24 at 00:13 +0100, Georges Le grand wrote:
> > I wonder if you could give out a reference on how to establish a VPN
> > using DTLS or to tell how to do so.
>
> We are just using Cisco's "AnyConnect" VPN, which runs over an HTTPS
> 'CONNECT' and will use DTLS for subsequent data transfer if it can. The
> client code is at git://git.infradead.org/users/dwmw2/openconnect.git
> (viewable in gitweb by changing git:// to http:// in that URL).
>
> That code works on Linux and MacOS, and if anyone wants to provide a
> patch to make it work on other BSD systems that would be much
> appreciated.
>
> Since Cisco use an old version of OpenSSL on the server side, you'll
> need to patch OpenSSL to make it compatible with its own pre-RFC version
> of DTLS -- see http://rt.openssl.org/Ticket/Display.html?id=1751 for the
> patch.
>
> The VPN will work over HTTPS if you don't patch OpenSSL, but VPN over
> TCP is a very suboptimal solution.
>
> I haven't done server-side code yet; the point of this was to
> interoperate with the existing servers, and I have no immediate need to
> _replace_ them. It really wouldn't be hard though -- it's all fairly
> trivial stuff.
>
> You might also be interested in http://campagnol.sourceforge.net/
>
> --
> dwmw2