[vpnc-devel] Cisco AnyConnect over SSL / DTLS

David Woodhouse dwmw2 at infradead.org
Mon Sep 22 19:16:51 CEST 2008


On Mon, 2008-09-15 at 18:02 -0700, David Woodhouse wrote:
> Is anyone else interested in helping to make this work? In particular,
> anyone with a little more clue about DTLS and/or OpenSSL?

I'll take that as a 'no' :)

> Does it make sense to try to merge any of this with vpnc, or should it
> be a completely separate client? It doesn't seem to actually share
> much.

I've gone for a separate client, which I've made available at 
http://git.infradead.org/users/dwmw2/anyconnect.git

> On a separate topic, I don't want a VPN at all -- I think it's a broken
> model. I don't want the whole box to have routes into the private
> network; I just want _one_ user to have an optional way to access it.
> What I really want, I think, is to connect vpnc not to the kernel's
> tuntap device, but instead to a second userspace dæmon with its own TCP
> stack and a SOCKS server. That dæmon will just listen for SOCKS
> requests, then generate its own IP packets and pass them to vpnc.
> Does such a thing exist?

Although my code currently uses the tuntap device, I'm playing with lwip
( http://savannah.nongnu.org/projects/lwip/ ), with a view to making
that kind of SOCKS support available as an alternative. So the client
won't need root privileges for anything, and can be installed and run
completely as a normal user.

-- 
dwmw2


