real Pulse support (was: Re: [PATCH v2 0/3] Support for Pulse's split-exclude routes)
Gernot Hillier
gernot.hillier at siemens.com
Wed Feb 21 09:17:21 PST 2018
Hi there!
Am 12.12.2017 um 16:52 schrieb David Woodhouse:
> On Tue, 2017-12-12 at 16:38 +0100, Gernot Hillier wrote:
>> As these changes are relevant for many Siemens colleagues using Linux,
>> I'm definitely willing to continue improving them - given that you are
>> (in principle) interested in merging this feature - and that you're
>> letting me know if you prefer the approach of v1 or v2 and what is still
>> open from your POV.
>
> I like the v2 approach but without the bit where you drop the IPv6
> support. This should be applicable to other VPN types too... and we
> really ought to add real Pulse support one of these days too, which
> gives us IPv6 support.
Update submitted.
> We know how Pulse works... it shouldn't be that hard for someone to add
> it, if I can persuade someone to care... :)
Do you have some pointer what you mean with "real Pulse support"? We
thought we have a PulseSecure gateway and everything seems to work as
intended with --juniper, at least using the Linux entrypoint.
Is it about the TNC protocols ([1], [2])? I think the Windows entrypoint
of our gateway uses them for authentication...
[1] https://en.wikipedia.org/wiki/Trusted_Network_Connect
[2]
https://trustedcomputinggroup.org/wp-content/uploads/TNC_IFT_TLS_v1_0_r16.pdf
--
Kind regards,
Gernot Hillier
Siemens AG, Corporate Competence Center Embedded Linux
More information about the openconnect-devel
mailing list