Feature #929
open
- Difficulty set to Medium
- Tags set to needs-triage
To communicate with a cisco VPN concentrator, you need one of three distinct sets of technology.
1.) The "AnyConnect" solution requires IP-over-{dTLS,TLS,SSL} and supporting infrastructure. IP-over-{dTLS,TLS,SSL} requires kernel work. The supporting infrastructure is still an issue as well.
2.) The traditional "cisco VPN" requires IPsec (which we have) and two extensions to IKE (which is closed-source): XAUTH and MODE-CFG. Creating an open-source IKEv1 with these two extensions would solve this problem.
3.) IKEv2 has in its base specification the equivalent functionalities of XAUTH and MODE-CFG. There is a community IKEv2 project underway, and helping that would help this.
Also available in: Atom
PDF
Updated by