www.infradead.org Git - users/dwmw2/openconnect.git/commit

author	Daniel Lenski <dlenski@gmail.com>
	Fri, 12 Jan 2018 09:44:17 +0000 (01:44 -0800)
committer	David Woodhouse <dwmw2@infradead.org>
	Sun, 9 Jun 2019 23:51:05 +0000 (00:51 +0100)
commit	d6db0ec03394234d41fbec7ffc794ceeb486a8f0
tree	72f77dabf2edbc287dde756c4ce7b75275b17b21	tree
parent	af93f7fe5827ab0f1d2e75d04b1e568d8bf82a5a	commit \| diff

Incomplete, speculative IPv6 for GlobalProtect

Client-side IPv6 support was added in v4.0:
https://live.paloaltonetworks.com/t5/Colossal-Event-Blog/New-GlobalProtect-4-0-announced-with-IPv6-support/ba-p/141593

Server-side IPv6 support was added in PanOS 8.0:
https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/globalprotect-features

I've been wanting to get IPv6 working for a while, but don't have access to
a GP VPN that supports IPv6, and haven't found anyone else who does.  I'm
adding incomplete, speculative IPv6 support here in the hopes that someone
will use it and report back on partial success/failure:

* Known from Windows client: `ipv6-support=yes` in `/ssl-vpn/login.esp`
  request, `preferred-ipv6` in `/ssl-vpn/getconfig.esp` request,
  `client-ipv6` in `/ssl-vpn/hipreport{,check}.esp` requests,
  `app-version=4.0.5-8`,
* Educated guess: 0x0800 in GPST packet header represents IPv4 ethertype,
  and will be replaced with 0x86DD for IPv6 packets.
* Unknown: IPv6 routing configuration tags to expect in
  `/ssl-vpn/getconfig.esp` response. This build prints a prominent
  error message if it encounters any unknown configuration tags
  containing the character '6', and requests feedback to the mailing
  list.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

auth-globalprotect.c		diff \| blob \| history
gpst.c		diff \| blob \| history
trojans/hipreport.sh		diff \| blob \| history
www/globalprotect.xml		diff \| blob \| history
www/hip.xml		diff \| blob \| history