From: Daniel Lenski
Date: Wed, 26 Jul 2023 20:41:15 +0000 (-0400)
Subject: Request help with the interpretation of F5 URIs in the docs
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=b0034f2acb3791e428b024af9fb4285a74bf068b;p=users%2Fdwmw2%2Fopenconnect.git

Request help with the interpretation of F5 URIs in the docs

Some F5 VPNs use these to complete authentication and handoff to the proprietary
client, and we currently don't know how to interpret them in a way that would
allow OpenConnect to be used instead.

See https://gitlab.com/openconnect/openconnect/-/issues/639 and
https://lists.infradead.org/pipermail/openconnect-devel/2021-August/005035.html
for further discussion.

Signed-off-by: Daniel Lenski
---
diff --git a/www/f5.xml b/www/f5.xml index 37fc873b..e48b7350 100644 --- a/www/f5.xml +++ b/www/f5.xml @@ -52,10 +52,25 @@ or similar (see issue for details on how this was determined).

RSA or OATH tokens), please send information to the mailing list so that we add support to OpenConnect.

+

DTLS

+

Connectivity over DTLS is supported. On BIG-IP server v16, it is possible to use either DTLSv1.0 or DTLSv1.2, if configured correctly. On BIG-IP server v15, it is limited to DTLSv1.0 because experiments show that BIG-IP server v15 cannot negotiate correctly down to DTLSv1.0 when a newer version of DTLS is attempted.

+

Interpreting f5-vpn:// URIs

+ +

Some proprietary F5 VPN clients use a web-based front-end for authentication. +This authentication flow terminates in a URI that starts with f5-vpn://, +for which the proprietary F5 client is registered as a handler.

+ +

We do not yet understand how to interpret these URIs in a way that is sufficient to +allow OpenConnect to use them to establish a connection. See +GitLab issue #639 and +this +August 2021 discussion on the mailing list. Please contribute if +you have information that can help us understand how to use these URIs.

+
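
Review bot: The closing paragraph of the new "Interpreting f5-vpn:// URIs" section asks readers to "Please contribute if you have information" but does not say what to send or how to send it safely. The commit message describes these URIs as what completes authentication and hands off to the proprietary client, so a captured URI may carry live session material, and both places the text points to (GitLab issue #639 and the mailing list archive) are public. Suggest adding a sentence asking contributors to redact server hostnames and any token-like parameter values before posting, and to describe the URI's structure (parameter names, apparent encoding, lengths) rather than pasting it raw. A smaller style point in the same paragraph: the link text "this August 2021 discussion" would read better with a descriptive label, and it is worth stating which of the two channels is preferred for new reports.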