Add option to set protocol-specific parameters
There are a number of protocol-idiosyncratic parameters which sometimes need to be set to specific values to comply with specific VPN's host identification or Trojan mechanisms.
- For AnyConnect, we have `mobile_{platform_version,device_type,device_uniqueid,mac_address}` (somewhat misleadingly named because these are not mobile-specific). We already have the `openconnect_set_mobile_info` API function to set these, but no CLI mechanism to invoke it.
- For Juniper/Pulse, we have a few parameters that may need to be set for TNCC to function, including `TNCC_DEVICE_ID`, `TNCC_PLATFORM` (e.g. `Windows 10.1 SP2 x64 blah blah`) and `TNCC_HWADDR`.
- For GlobalProtect, we have `hostid`, `osname`, and a few other parameters that appear sprinkled throughout the protocol and might be needed by some VPNs for a specific client to be accepted (e.g. `hostid=BLAHBLAHBLAHBLAH`).
There are a few common ones:
- some kind of client device identifier (already have `mobile_device_uniqueid`) which is "opaque"/"unique" as opposed to the transparent local hostname (`localname`)
- some kind of detailed platform identifier (already have `mobile_platform_version`) which is "finer-grained" than the coarse Linux/macOS/Windows (`platname`)
- MAC address (already have `mobile_mac_address`)
Rather than trying to create new CLI options and APIs for new ones as we find them, I propose that we recognize that these are only required by a minority of VPNs, fundamentally idiosyncratic, and just a random grab-bag of keys/values that we need to echo to servers that require them.
We should add a CLI option, something like `--local-attribute` (to go along with `--local-hostname`) to set arbitrary key-value pairs which can be used by each protocol as needed.
See https://lists.infradead.org/pipermail/openconnect-devel/2020-April/005667.html for more discussion.
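
One way the key-value store behind the proposed `--local-attribute` option could work, as an added example that is not OpenConnect's code: `struct local_attr`, `local_attr_set` and `local_attr_get` are hypothetical names, and the `key=value` argument syntax is an assumption. Because these values are echoed to the server, the parser refuses control characters such as CR/LF.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical store for --local-attribute pairs (not OpenConnect's API).
 * key and val point into the same allocation as the node itself. */
struct local_attr { char *key, *val; struct local_attr *next; };

/* Values are echoed to the server, so refuse control bytes (CR/LF
 * included); keys must also contain no spaces. */
static int attr_text_ok(const char *s, int is_key)
{
	for (; *s; s++)
		if ((unsigned char)*s < 0x20 || *s == 0x7f || (is_key && *s == ' '))
			return 0;
	return 1;
}

/* Parse one "key=value" argument and prepend it, so the most recent
 * setting of a key wins. Returns 0 on success, -1 on bad input. */
int local_attr_set(struct local_attr **head, const char *arg)
{
	const char *eq = strchr(arg, '=');
	size_t len = strlen(arg);
	struct local_attr *a;

	if (!eq || eq == arg || !(a = malloc(sizeof(*a) + len + 1)))
		return -1;
	a->key = memcpy((char *)(a + 1), arg, len + 1);
	a->key[eq - arg] = '\0';            /* split the copy at the first '=' */
	a->val = a->key + (eq - arg) + 1;
	if (!attr_text_ok(a->key, 1) || !attr_text_ok(a->val, 0)) {
		free(a);
		return -1;
	}
	a->next = *head;
	*head = a;
	return 0;
}

/* Per-protocol lookup: the user's value if set, else the built-in default. */
const char *local_attr_get(const struct local_attr *h, const char *key, const char *dflt)
{
	for (; h; h = h->next)
		if (!strcmp(h->key, key))
			return h->val;
	return dflt;
}
```

Each protocol would then ask only for the keys it understands, for example `local_attr_get(attrs, "hostid", default_hostid)`, and unknown keys are simply never read.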