add F5 and Fortinet (!169) · Merge requests · OpenConnect VPN projects / OpenConnect

Daniel Lenski requested to merge add_f5_and_fortinet into ppp_core Feb 22, 2021

This is intended to be merged after !165 (closed), which contains the core PPP functionality (configuration state machine and mainloop).

The F5 and Fortinet protocols (both PPP-based) are working and have sufficient authentication implementations for many real-world users:

F5: username+password only
Fortinet:
- username+password or username, password, and challenge-based 2FA
- non-default realm (specified via URL path, e.g. /realm)

This MR adds the F5 and Fortinet protocols with PPP-over-TLS tunnels only. Support for PPP-over-DTLS will be added in the future. (They're straightforward to explain, but require some refactoring to implement.)

This MR additionally includes integration tests of the authentication and configuration-fetching parts of these protocols. These tests require Python 3.6+ with the Flask module, used to run simple HTTPS servers which mock the requests/responses used in authentication and config-fetching.

Edited Mar 29, 2021 by Daniel Lenski

add F5 and Fortinet

Merge request reports