IPv6 in AnyConnect for iOS

sskaje sskaje at gmail.com
Tue Dec 30 02:22:44 PST 2014


AnyConnect 3.0 for OS X
$ strings /opt/cisco/anyconnect/lib/libvpnagentutilities.dylib |grep X-CSTP
X-CSTP-Version:
X-CSTP-Address:
X-CSTP-Netmask:
X-CSTP-DNS:
X-CSTP-NBNS:
X-CSTP-Lease-Duration:
X-CSTP-Default-Domain:
X-CSTP-Split-Include:
X-CSTP-Split-Exclude:
X-CSTP-Split-DNS:
X-CSTP-Keep:
X-CSTP-Rekey-Time:
X-CSTP-Rekey-Method:
X-CSTP-Homepage:
X-CSTP-DPD:
X-CSTP-Keepalive:
X-CSTP-MSIE-Proxy:
X-CSTP-MSIE-Proxy-Server:
X-CSTP-MSIE-Proxy-HTTP:
X-CSTP-MSIE-Proxy-Secure:
X-CSTP-MSIE-Proxy-FTP:
X-CSTP-MSIE-Proxy-Gopher:
X-CSTP-MSIE-Proxy-Socks:
X-CSTP-MSIE-Proxy-Exception:
X-CSTP-MSIE-Proxy-PAC-URL:
X-CSTP-MSIE-Proxy-Lockdown:
X-CSTP-Content-Encoding:
X-CSTP-MTU:
X-CSTP-Smartcard-Removal-Disconnect:
X-CSTP-License:
X-CSTP-Idle-Timeout:
X-CSTP-Session-Timeout:
X-CSTP-Disconnected-Timeout:
X-CSTP-FW-Rule:
X-CSTP-MUS-Host:
X-CSTP-DAP-User-Message:
X-CSTP-Disable-Always-On-VPN:
X-CSTP-Quarantine:
X-CSTP-Routing-Filtering-Ignore:
X-CSTP-Tunnel-All-DNS:
X-CSTP-Post-Auth-XML:


I'll try IDA Pro after work.

sskaje at gmail.com
https://sskaje.me/


On Tue, Dec 30, 2014 at 6:18 PM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
> On Tue, 2014-12-30 at 13:50 +0800, sskaje wrote:
>> I tried the latest commits, IPv6 address is successfully assigned to
>> clients, but not the route.
>>
>> If no route is set, a 0:0:0:0:0:0:0:0/128 can be found in anyconnect,
>> if any route like route = 2001::/16, connection fails.
>
> If the full IP6 is not negotiated, then the IPv6 routes get in the
> header "X-CSTP-Split-Include:". As you describe the anyconnect client
> doesn't seem to understand that.
>
> David's commit at:
> http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/e9b90e7b
> seems to suggest that there is no route passing in that case. I'm
> wondering whether that client would be able to parse a custom header of
> "X-CSTP-Split-Include-IP6". If that doesn't work we'll have to figure
> out how and if an anyconnect server is able to send such routes.
>
> regards,
> Nikos
>
>
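
The mixed-family situation discussed above, as an added example (not part of the original message, and not openconnect, ocserv or AnyConnect code): it parses a constructed CSTP header block and shows which "X-CSTP-Split-Include" values a client that only understands IPv4 routes would fail on. The sample headers, the address/netmask form of the IPv4 route and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of a CSTP response, not captured from a real server.
# Assumption: IPv4 routes use address/netmask form; the IPv6 route is the
# one from the thread (route = 2001::/16).
SAMPLE_HEADERS = """\
X-CSTP-Version: 1
X-CSTP-Address: 192.0.2.10
X-CSTP-Netmask: 255.255.255.0
X-CSTP-Split-Include: 10.0.0.0/255.0.0.0
X-CSTP-Split-Include: 2001::/16
X-CSTP-Split-Include: not-a-route
X-CSTP-MTU: 1400
"""


def parse_cstp_headers(text):
    """Return (name, value) pairs for X-CSTP-* lines, keeping repeated headers."""
    pairs = []
    for line in text.splitlines():
        # Split on the first colon only, so IPv6 values stay intact.
        name, sep, value = line.partition(":")
        if sep and name.strip().lower().startswith("x-cstp-"):
            pairs.append((name.strip(), value.strip()))
    return pairs


def classify_split_includes(pairs):
    """Group X-CSTP-Split-Include values by address family."""
    routes = {"ipv4": [], "ipv6": [], "invalid": []}
    for name, value in pairs:
        if name.lower() != "x-cstp-split-include":
            continue
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            routes["invalid"].append(value)
            continue
        routes["ipv6" if net.version == 6 else "ipv4"].append(net)
    return routes


def rejected_by_ipv4_only_parser(pairs):
    """Values a hypothetical IPv4-only route parser could not handle."""
    routes = classify_split_includes(pairs)
    return [str(n) for n in routes["ipv6"]] + routes["invalid"]


if __name__ == "__main__":
    print(classify_split_includes(parse_cstp_headers(SAMPLE_HEADERS)))
```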


