On 16 August 2018 at 08:11, Daniel Lenski wrote:
> On Wed, Aug 15, 2018 at 7:31 AM, Jeroen Balduyck
> wrote:
>> Why is the interface address also the gateway? It obviously works but
>> it defies (my) common sense. When I do a traceroute the "real" gateway
>>
I'm trying to cook up PBR with openconnect. But something has gotten
me seriously puzzled and I hope you can give me a wee bit 101 here on
the subject:
A regular route table entry would look like this
Destination Gateway Flags Netif Expire
0.0.0.0/0 10.36.0.9
>
> The server should pick the same ciphersuite as in the TLS channel. However
> you raise a valid point, you have no way to affect that ciphersuite right?
> Either in the old or the new protocol. Indeed the oc client gives no control
> on the priority string used to negotiate. You can only con
On 6 July 2018 at 08:28, Nikos Mavrogiannopoulos
wrote:
> That option works only with older ocserv and openconnect versions. With the
> newer the TLS negotiation is the way the cipher is decided.
>
> On July 5, 2018 1:42:51 PM UTC, Daniel Lenski wrote:
>>On Wed, Jul 4, 2018 at 1:07 AM, David Wo
On 1 August 2018 at 16:23, Daniel Lenski wrote:
> On Wed, Aug 1, 2018 at 4:43 AM, Jeroen Balduyck
> wrote:
>> Alright, I did get confirmation that the interface on the server side
>> is 1340 MTU when the tunnel gets established. But that was all but
>> certain. I h
On 1 August 2018 at 11:41, Jeroen Balduyck wrote:
> On 31 July 2018 at 23:54, Daniel Lenski wrote:
>> On Tue, Jul 31, 2018 at 5:32 AM, Jeroen Balduyck
>> wrote:
>>> On OPNsense (FreeBSD) I'm running OpenConnect in client mode. I get
>>> this unusual error:
On 31 July 2018 at 23:54, Daniel Lenski wrote:
> On Tue, Jul 31, 2018 at 5:32 AM, Jeroen Balduyck
> wrote:
>> On OPNsense (FreeBSD) I'm running OpenConnect in client mode. I get
>> this unusual error:
>>
>> LZS decompression failed: File too large.
>
On OPNsense (FreeBSD) I'm running OpenConnect in client mode. I get
this unusual error:
LZS decompression failed: File too large.
Related debug output:
X-DTLS-CipherSuite: PSK-NEGOTIATE
X-CSTP-Base-MTU: 1406
X-CSTP-MTU: 1340
DTLS option X-DTLS-DPD : 90
DTLS option X-DTLS-Port : 22
DTLS option X
On 4 July 2018 at 10:07, David Woodhouse wrote:
>
> On Sun, 2018-06-24 at 11:16 +0200, Jeroen Balduyck wrote:
> > It seems I caught a small break looking into this. This works and
> > other 'older' DTLS ciphers like AES-128 work too:
> >
> > --dtls-ciphers
It seems I caught a small break looking into this. This works and
other 'older' DTLS ciphers like AES-128 work too:
--dtls-ciphers='DES-CBC3-SHA' => is identified as DTLS 1.0 (OpenSSL
pre 0.9.8f) in Wireshark
These do not work when using the option:
--dtls-ciphers='AES-256-GCM'
--dtls-ciphers='A
On 25 June 2018 at 15:15, Daniel Lenski wrote:
> On Mon, Jun 25, 2018 at 12:12 PM, Jeroen Balduyck
> wrote:
>> Hi Dan,
>>
>> I *think* I figured it out. Hopefully this post will make it to the
>> list (my other one for this topic is under moderation). I'm u
On 25 June 2018 at 10:34, Daniel Lenski wrote:
> On Sat, Jun 23, 2018 at 12:22 PM, Jeroen Balduyck
> wrote:
>> Hi
>>
>> I've been struggling to get this option to work. Wireshark reports
>> this cipher in the server hello:
>> Cipher Suite: TLS_PSK_WIT
Hi
I've been struggling to get this option to work. Wireshark reports
this cipher in the server hello:
Cipher Suite: TLS_PSK_WITH_AES_256_GCM_SHA384 (0x00a9)
So I queried GnuTLS:
gnutls-cli -l -V | grep a9
TLS_ECDHE_ECDSA_CHACHA20_POLY1305 0xcc, 0xa9 TLS1.2
TLS_PSK_AES_256_GCM_
deas for feature requests :-)
br,
Jeroen
On 22 June 2018 at 17:19, Daniel Lenski wrote:
> On Thu, Jun 21, 2018 at 9:10 PM, Jeroen Balduyck
> wrote:
>> Hi
>>
>> Can anyone tell me how to run multiple concurrent openconnect
>> instances? I want to establish a client
Hi
Can anyone tell me how to run multiple concurrent openconnect
instances? I want to establish a client connection to 3 different VPNs
at the same time and use policy based routing to a specific VPN
instance.
Regards,
Jeroen
___
openconnect-devel maili
15 matches