This project is mirrored from git://git.infradead.org/users/dwmw2/openconnect.git. Updated .
  1. 09 Jun, 2019 3 commits
    • Daniel Lenski's avatar
      Add hipreport-android.sh · fe32beb7
      Daniel Lenski authored
      The desktop version of the HIP report doesn't work on Android in part
      because the here-doc appears to exceed the size of the read buffer in
      Android's rather primitive /system/bin/sh.  This is a rather confusing bug
      to identify and diagnose.
      
      Include an alternate script with minimal contents (hipreport-minimal.sh)
      which is suitable for use on Android.
      Signed-off-by: Daniel Lenski's avatarDaniel Lenski <dlenski@gmail.com>
      fe32beb7
    • Daniel Lenski's avatar
      Incomplete, speculative IPv6 for GlobalProtect · d6db0ec0
      Daniel Lenski authored
      Client-side IPv6 support was added in v4.0:
      	https://live.paloaltonetworks.com/t5/Colossal-Event-Blog/New-GlobalProtect-4-0-announced-with-IPv6-support/ba-p/141593
      
      Server-side IPv6 support was added in PanOS 8.0:
      	https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/globalprotect-features
      
      I've been wanting to get IPv6 working for a while, but don't have access to
      a GP VPN that supports IPv6, and haven't found anyone else who does.  I'm
      adding incomplete, speculative IPv6 support here in the hopes that someone
      will use it and report back on partial success/failure:
      
      * Known from Windows client: `ipv6-support=yes` in `/ssl-vpn/login.esp`
        request, `preferred-ipv6` in `/ssl-vpn/getconfig.esp` request,
        `client-ipv6` in `/ssl-vpn/hipreport{,check}.esp` requests,
        `app-version=4.0.5-8`,
      * Educated guess: 0x0800 in GPST packet header represents IPv4 ethertype,
        and will be replaced with 0x86DD for IPv6 packets.
      * Unknown: IPv6 routing configuration tags to expect in
        `/ssl-vpn/getconfig.esp` response. This build prints a prominent
        error message if it encounters any unknown configuration tags
        containing the character '6', and requests feedback to the mailing
        list.
      Signed-off-by: Daniel Lenski's avatarDaniel Lenski <dlenski@gmail.com>
      d6db0ec0
    • Daniel Lenski's avatar
      Better spoofed HIP report · cc1f9a97
      Daniel Lenski authored
      Some GlobalProtect VPNs appear to actually check the contents of the HIP
      report in some way, and require that anti-virus/anti-spyware software be
      labeled as up-to-date.
      
      Also, the --computer parameter is no longer needed (now that its value
      is included in the "cookie")
      Signed-off-by: Daniel Lenski's avatarDaniel Lenski <dlenski@gmail.com>
      cc1f9a97
  2. 04 Jan, 2019 1 commit
  3. 03 Jan, 2019 2 commits