Supporting Juniper and other types of SSL VPN
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sun Jan 4 02:05:03 PST 2015
On Sat, 2015-01-03 at 23:58 +0000, David Woodhouse wrote:
> > Said that, I'd like the current openconnect protocol to be better, and
> > standardized, and it is one of my goals this year to write a draft
> > description of the protocol, possibly enhancing it as well by
> > eliminating the hacks from it, like the openssl string negotiation, and
> > the explicitly transferred DTLS key.
>
> I'd like that too, but I don't think Cisco are going to be at all
> interested. Which leaves us either constrained to being compatible with
> their protocol (including future developments of it which might even be
> *intended* to break us), or accepting that we have forked it
> incompatibly.
I think the reason we have multiple SSL VPNs is because there is no
documented protocol for it, which works well. Once there is a documented
protocol there will be very little incentive for each company to
reinvent the wheel and define one. I think it is better in the long
term, and more reasonable, to work towards a standardized protocol,
rather than spending resources in reverse engineering and implementing
every protocol out there.
regards,
Nikos
More information about the openconnect-devel
mailing list