Skip to content
Commit d6db0ec0 authored by Daniel Lenski's avatar Daniel Lenski Committed by David Woodhouse
Browse files

Incomplete, speculative IPv6 for GlobalProtect

Client-side IPv6 support was added in v4.0:
	https://live.paloaltonetworks.com/t5/Colossal-Event-Blog/New-GlobalProtect-4-0-announced-with-IPv6-support/ba-p/141593

Server-side IPv6 support was added in PanOS 8.0:
	https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/globalprotect-features



I've been wanting to get IPv6 working for a while, but don't have access to
a GP VPN that supports IPv6, and haven't found anyone else who does.  I'm
adding incomplete, speculative IPv6 support here in the hopes that someone
will use it and report back on partial success/failure:

* Known from Windows client: `ipv6-support=yes` in `/ssl-vpn/login.esp`
  request, `preferred-ipv6` in `/ssl-vpn/getconfig.esp` request,
  `client-ipv6` in `/ssl-vpn/hipreport{,check}.esp` requests,
  `app-version=4.0.5-8`,
* Educated guess: 0x0800 in GPST packet header represents IPv4 ethertype,
  and will be replaced with 0x86DD for IPv6 packets.
* Unknown: IPv6 routing configuration tags to expect in
  `/ssl-vpn/getconfig.esp` response. This build prints a prominent
  error message if it encounters any unknown configuration tags
  containing the character '6', and requests feedback to the mailing
  list.

Signed-off-by: Daniel Lenski's avatarDaniel Lenski <dlenski@gmail.com>
parent af93f7fe
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment