lp:~mamarley/openconnect/+git/trunk

Author: Daniel Lenski
Author Date: 2023-09-09 21:28:10 UTC

Update docs on implementing new protocols

Signed-off-by: Daniel Lenski <dlenski@amazon.com>

Author: dwmw2
Author Date: 2022-04-18 19:55:17 UTC

Merge branch 'cpvpn' of gitlab.com:cpvpn/openconnect

Author: dwmw2
Author Date: 2022-03-31 18:33:19 UTC

known key

Still no idea how to decrypt :)

Author: dwmw2
Author Date: 2022-03-12 09:16:40 UTC

epoll debug

Author: dwmw2
Author Date: 2021-05-14 10:57:11 UTC

Add openconnect_get_connect_url(), use it in --authenticate output

As noted in the long comment in openconnect.h, we need to provide the
actual *URL* for the connection including the real hostname. And that
means we also need to provide a suitable --resolve argument to pass on
to the connecting openconnect.

Add openconnect_get_connect_url() for the GUI auth-dialogs to use, and
make 'openconnect --authenticate' emit the same. If we just put it into
$HOST that might break existing setups that don't use the newly-added
$RESOLVE variable too, so put it in another new variable $CONNECT_URL
and leave the original $HOST alone.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Author: dwmw2
Author Date: 2021-03-30 22:23:29 UTC

Attempt to configure interface

vpnc-script-win.js seems to wait until the Legacy IP address of the
interface appears in 'route print' output. How that'll work in the
21st century when there's only IPv6 and no Legacy IP, I have no
idea. But set it for now like the old TAP driver did, and see if
we can make it work...

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Author: dwmw2
Author Date: 2021-03-26 10:24:25 UTC

Add basic NSIS installer

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Author: Andreas Gnau
Author Date: 2020-05-23 20:54:43 UTC

nx: Implement logout

Signed-off-by: Andreas Gnau <rondom@rondom.de>

Author: Dan Lenski
Author Date: 2020-05-20 16:41:40 UTC

make Mingw32/64 CI happy

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Author: dwmw2
Author Date: 2020-05-15 16:26:51 UTC

Merge branch 'multiple_auth_feature' of gitlab.com:incentive.design/openconnect

Author: dwmw2
Author Date: 2019-10-07 16:47:42 UTC

Fix download

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Author: dwmw2
Author Date: 2019-04-15 19:51:57 UTC

Further optimise aesni_encrypt_esp_packet()

Do the HMAC and SHA1 stuff inline using the tail of the packet,
to avoid copying data around.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Author: Yoshimasa Niwa
Author Date: 2018-11-04 07:53:37 UTC

Add `--save-to-keychain` option.

Author: dwmw2
Author Date: 2018-10-13 04:06:47 UTC

Update TPM docs

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Author: Dan Lenski
Author Date: 2018-01-13 00:10:25 UTC

Smarter MTU calculation for GlobalProtect

- If we have no ESP support, ESP disabled, or no ESP keys received, then
  we're definitely using the TLS tunne and we should calculate tunnel MTU
  based on the TCP MSS, subtracting the TLS+GPST overhead (and only use the
  base/wire MTU as a crude fallback if necessary).

- If we've got ESP enabled and ESP keys, then we should calculate tunnel
  MTU based on the base/wire MTU, subtracting the IP+UDP+ESP overhead.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Author: Dan Lenski
Author Date: 2017-08-17 03:07:45 UTC

improved MTU calculation for GlobalProtect ESP

On Wed, Aug 16, 2017 at 8:03 PM, Daniel Lenski wrote:

> I believe the correct [ESP padding] algorithm is actually as follows:
>
> * From payload MTU, add 2 footer bytes, round *up* to a multiple of
> the blocksize. Add the size of the MAC, IV, and other headers. That's
> the size of the packet on the wire.
> * From wire packet MTU, subtract headers and MAC and IV, round *down*
> to a multiple of blocksize, subtract TWO footer bytes, and that's the
> largest payload you can carry.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Author: dwmw2
Author Date: 2017-05-14 07:17:51 UTC

Merge branch 'globalprotect' of https://github.com/dlenski/openconnect