Apparently, X-NE-SESSIONPROMPT: true seems to be needed in some rare (?)
situations, where the tunnel will come up but no packets are
transferred. See:
Of all the clients tested, ONLY NetExtender for Windows sends this
header, so this behaviour might be related to some specific
(mis-)configuration of the server...
Signed-off-by: Andreas Gnau <email address hidden>
nx: Remove TODO and debug prints regarding headers
So far, we have only one encountered one NX server that was enforcing a
certain client version and thus User-Agent header. Remove the TODO
pondering whether to add it or not and some leftover debug-print.
If we realise later, that this is more common, we can always add such a
header. In initial tests, the server did not do a 1:1 string comparison,
so we could still be transparent about being OpenConnect by prepending
or appending OpenConnect to the "approved" User-Agent string.
Signed-off-by: Andreas Gnau <email address hidden>
nx: Send X-NX-Client-Platform header according to OS
Send X-NX-Client-Platform header, by translating the OpenConnect
vpninfo->platname (AnyConnect derived) to the ones sent by the offical
SonicWall NX clients.
Signed-off-by: Andreas Gnau <email address hidden>
Add parameter to allow specifying no IP install_vpn_opts
NX also uses IPCP for getting its IPv4-IP while all the other connection
parameters are retrieved via HTTP. This increases the number of
protocols that need special treatment in install_vpn_opts to two.
Add a generic parameter `allow_no_ip` to install_vpn_opts which is set
to true when called from F5 and NX, thus keeping the code free of
protocol-specific bits.
Signed-off-by: Andreas Gnau <email address hidden>
Make vpninfo->cookie be the raw cookie value like other protocols. Also
make consumption and writing of the value consistent, so that passing to
cookie from --authenticate to --cookie-on-stdin works flawlessly like
for the other protocols.
Signed-off-by: Andreas Gnau <email address hidden>
NX encapsulation is 32-bit big (not little) endian size of the whole
payload, which is not necessarily equal to the size of of the HDLC
frame, because there may be multiple frames.
Fix the code accordingly.
Signed-off-by: Andreas Gnau <email address hidden>