For Pulse, send ESP only of the same IP protocol as we're connected over
It really seems that when we're connected over Legacy IP, it only accepts
Legacy IP packets in ESP. And when we're connected over IPv6, it only
accepts IPv6 packets in ESP.
Unless we're supposed to (have a public IPv6 route to the server and)
establish ESP over *both* Legacy IP and IPv6, and send the right packets
over each? Which would be insane.
Someone please tell me this isn't true. But it matches the behaviour
of the Windows client too.
Signed-off-by: David Woodhouse <email address hidden>
This reverts commit a6fe0d0d8088c49b65df7ae2ea1ee254ab34639a, and then
tries to get the probes right. I *think* we need to send the probe ESP
packet as IPv6 if we want the server to know that we can do IPv6 in ESP.
Signed-off-by: David Woodhouse <email address hidden>
Revert "Look a lot more like the Windows client..."
This reverts commit 8b3f467a9280dabc5b151feb88b894895178bf91, which was
only really for testing and I never meant to push it to the master branch.
Apparently it makes the server do EAP-TLS within EAP-TTLS if no
certificate is presented by the client. I am not ready for that level of
insanity just yet.
Signed-off-by: David Woodhouse <email address hidden>
When the Cisco side is configured with IPv4 and IPv6 DNS resolver IPs,
it will send option X-CSTP-DNS-IP6
This patch captures the IPv6 addresses provided, and puts them in
INTERNAL_IP6_DNS variable for vpnc-scripts (which is already handled
there)
Signed-off-by: Colin Petrie <email address hidden>
[dwmw2: Put them in $INTERNAL_IP4_DNS instead. They shouldn't be split.]
Signed-off-by: David Woodhouse <email address hidden>