> Select this option to enable local subnet access and local access to any host or
> subnet in routes that you have specified in the client routing table.
Signed-off-by: Daniel Lenski <email address hidden>
Add ipv[46]_unreachable flags to struct oc_ip_info, and pass to vpnc-script
Some servers want the client to make a particular address family unreachable
*except* through the VPN, even if unused by the VPN.
This patch makes OpenConnect record the relevant values from the server, and
pass them to the tunnel configuration script, by setting `IP[46]_UNREACHABLE=true`.
The script will need to take care *not* to block the explicit route to the VPN
gateway's external address.
Signed-off-by: Daniel Lenski <email address hidden>
This was added under v9.12 instead of the HEAD section. Next person to do
that gets to implement a CI test for it :)
Perhaps we should have a policy of adding in reverse chronological order
so that newly-added lines are always immediately below the 'HEAD' title,
which would mean that merging older PRs would *conflict* instead of
silently merging into the older changelog?
Fixes: ff86be7281 ("update changelog")
Signed-off-by: David Woodhouse <email address hidden>
In 57160c9f2673adbbe468db137b28da4187549061, I updated
fake-juniper-server.py to use a "persistent" configuration (as already done
for fake GlobalProtect, Fortinet, F5 servers), but thne I somehow forgot to
update the actual juniper-auth test script accordingly.
Signed-off-by: Daniel Lenski <email address hidden>
The article "Why TCP Over TCP Is A Bad Idea" is very useful for explaining
why VPNs perform better when using UDP-based transport (DTLS or ESP) rather
than TCP-based transport (TLS), but unfortunately the original site is no
longer available.