[EXTERNAL] Re: Cisco recommends OpenConnect

Daniel Lenski dlenski at gmail.com
Thu Jun 9 14:15:19 PDT 2022


On Mon, Jun 6, 2022 at 12:54 PM Randall Sindlinger
<randall.sindlinger at ssaihq.com> wrote:
> In any case, has this and the DevNet recommendation been added to the
> https://www.infradead.org/openconnect/ page?  I'm not sure where it would best fit; but I think it
> would be invaluable to give users and potential users the knowledge that Cisco has all but formally
> approved it.  It sure would have helped me, at least!

Hmmm. Remind me again why "the endorsement of Cisco" is an endorsement
that OpenConnect would want…? 😅

More seriously, I'm rather equivocal about encouraging corporate
network IT departments to replace proprietary clients with
OpenConnect.

Those corporate network IT folks are always asking us things like,
"Hey, OpenConnect is great! We want to use it for our whole fleet. By
the way, can you make it so OpenConnect will check a flag sent by the
server and then disable access to other network devices?"…

… and that's the part where I have to tell them, "Look, I'm not your
ally here, I'm your adversary. The reason I got involved in developing
OpenConnect was to work around all of these network security policies,
so that I could actually Get Stuff Done on the VPNs I was connecting
to. My primary interest in such policies is documenting and explaining
how to evade them."

> And - PS - maybe the opposite of dogfooding is catfooding; I can certainly vouch that my dog
> *strongly* prefers the cat food, anyway.  :- D

Hah. 😂

-Dan



More information about the openconnect-devel mailing list