Feature #929
open
Cisco VPN tunnel
0%
Description
I think that it is really necessary to be able to use Cisco VPN tunnels.
Updated by Dan McDonald over 12 years ago
- Difficulty set to Medium
- Tags set to needs-triage
To communicate with a cisco VPN concentrator, you need one of three distinct sets of technology.
1.) The "AnyConnect" solution requires IP-over-{dTLS,TLS,SSL} and supporting infrastructure. IP-over-{dTLS,TLS,SSL} requires kernel work. The supporting infrastructure is still an issue as well.
2.) The traditional "cisco VPN" requires IPsec (which we have) and two extensions to IKE (which is closed-source): XAUTH and MODE-CFG. Creating an open-source IKEv1 with these two extensions would solve this problem.
3.) IKEv2 has in its base specification the equivalent functionalities of XAUTH and MODE-CFG. There is a community IKEv2 project underway, and helping that would help this.