Makes a host connection to an arbitrary TCP/IP host:port, and checks the
estimates of the MTU/MSS provided by various getsockopt() calls, just as
OpenConnect uses in calculate_mtu().
Signed-off-by: Daniel Lenski <email address hidden>

The name '--usergroup' exists purely for historical/Cisco-specific reasons.
Its function is simply to override the *path* of the URL for the initial
HTTPS request to the server.
Thus 'openconnect --usergroup loginRealm vpn.server.com'
and 'openconnect https://vpn.server.com/loginRealm' are entirely equivalent;
with most front-ends, specifying the URL directly is the only way to set the
path.
Signed-off-by: Daniel Lenski <email address hidden>

The `--authgroup=GROUP` option is specifically designed for this purpose: it can enter
a value into "the right" dropdown/list field on multiple protocols:
- Cisco AnyConnect/ocserv: "authgroup" selection form field
- Juniper: "realm" OR "frmSelectRoles" selection form field
- Pulse: "realm" selection form field
- Fortinet: "realm" selection form field
- F5: "domain" selection form field
- GlobalProtect: "gateway" selection form field (found on the "portal" interface;
  this one actually controls the choice of gateway server)
The functionality of the `--authgroup` option is not as obvious as
it could/should be because the name "authgroup" is Cisco-specific.
This patch improves the `--help` output and openconnect(8) man page to
show that it works with other protocols as well, and mention the names
of the relevant fields for those protocols.
Signed-off-by: Daniel Lenski <email address hidden>

6246bbd... by Dimitri Papadopoulos Orfanos <email address hidden>
Merge branch 'const' into 'master'
Fix constness again in HKDF/HPKE-related functions

Explain why explicit proxying usually doesn't work in MITM docs

Simply put, many VPN clients *ignore* an explicitly-set browser/system
proxy, whether as an intentional anti-MITM measure or as a consequence of
inconsistent and incompetent design and coding.
This is why transparent proxying is generally necessary in order to reliably
MITM a proprietary VPN client.