Incomplete, speculative IPv6 for GlobalProtect
Client-side IPv6 support was added in v4.0:
https://live.paloaltonetworks.com/t5/Colossal-Event-Blog/New-GlobalProtect-4-0-announced-with-IPv6-support/ba-p/141593

Server-side IPv6 support was added in PanOS 8.0:
https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/globalprotect-features

I've been wanting to get IPv6 working for a while, but don't have access to a GP VPN that supports IPv6, and haven't found anyone else who does.

I'm adding incomplete, speculative IPv6 support here in the hopes that someone will use it and report back on partial success/failure:

* Known from Windows client: `ipv6-support=yes` in `/ssl-vpn/login.esp` request, `preferred-ipv6` in `/ssl-vpn/getconfig.esp` request, `client-ipv6` in `/ssl-vpn/hipreport{,check}.esp` requests, `app-version=4.0.5-8`,
* Educated guess: 0x0800 in GPST packet header represents IPv4 ethertype, and will be replaced with 0x86DD for IPv6 packets.
* Unknown: IPv6 routing configuration tags to expect in `/ssl-vpn/getconfig.esp` response.

This build prints a prominent error message if it encounters any unknown configuration tags containing the character '6', and requests feedback to the mailing list.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
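The unknown-tag check described in the commit message, sketched as an added example that is not code from this commit or from the project. The known-tag set, the sample response and the two tag names containing '6' are constructed for illustration; the real IPv6 tag names are the unknown the commit is trying to discover.

```python
import xml.etree.ElementTree as ET

# Tags the client already understands. Assumed set for this example only;
# it is not the project's actual list.
KNOWN_TAGS = {"response", "ip-address", "netmask", "mtu", "dns", "member",
              "access-routes", "gw-address"}

# Constructed sample response. The two tags containing '6' are invented
# placeholders, not real GlobalProtect tag names.
SAMPLE_CONFIG = """<response status="success">
  <ip-address>10.0.0.5</ip-address>
  <netmask>255.255.255.255</netmask>
  <mtu>1400</mtu>
  <dns><member>10.0.0.1</member></dns>
  <example-ip6-address>2001:db8::5</example-ip6-address>
  <access-routes><member>10.0.0.0/8</member></access-routes>
  <example-routes-v6><member>2001:db8::/32</member></example-routes-v6>
</response>"""


def find_unknown_v6_tags(xml_text, known=KNOWN_TAGS):
    """Return (path, text) for every unknown element whose tag contains '6'."""
    hits = []

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        if elem.tag not in known and "6" in elem.tag:
            # Join the text of the element and its children so the report
            # carries the whole value, then stop descending into it.
            hits.append((here, "".join(elem.itertext()).strip()))
            return
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return hits


def format_report(hits):
    """Build the message a user would forward when unknown tags show up."""
    if not hits:
        return ""
    lines = ["Unknown config tags containing '6' (possible IPv6 settings):"]
    lines += [f"  {path} = {text!r}" for path, text in hits]
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(find_unknown_v6_tags(SAMPLE_CONFIG)))
```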