Supporting Juniper and other types of SSL VPN

David Woodhouse dwmw2 at infradead.org
Mon Jan 19 04:35:31 PST 2015


On Thu, 2015-01-01 at 10:29 +0000, David Woodhouse wrote:
> 
> So I think I'd be happy enough to look at abstracting out the specific
> SSL VPN protocol parts and making OpenConnect support multiple
> protocols. The main sticking point is that we actually need some details
> about *how* those other SSL VPN protocols work.

It looks like the Juniper one actually works fairly similarly to
AnyConnect — an authentication stage that results in a cookie, followed
by actually making the connection using that cookie.

The authentication part has even been implemented in open source at
https://smallhacks.wordpress.com/2012/07/15/jvpn-perl-script-to-connect-to-the-juniper-vpn-with-host-checker-enabled/

For the VPN connection itself, I've thrown together an untested
prototype: http://git.infradead.org/users/dwmw2/openconnect-juniper.git

It didn't take that much work to abstract out the Cisco protocol bits
from the generic VPN support in OpenConnect. Once the dust has settled
and we have things working, I'll take a closer look at whether it could
be done more cleanly than my initial attempt.

-- 
dwmw2
