Commit 9a3a4296 authored by David Woodhouse's avatar David Woodhouse

Various documentation updates (DTLSv1.2, Pulse, TNCC)

Signed-off-by: default avatarDavid Woodhouse <>
parent 45cbcd27
......@@ -98,10 +98,13 @@ bout it.</p>
it should. There are some things which the regular developers don't have easy access to test,
some help with testing these would be particularly welcome:</p>
<li><b>Testing against a Cisco ASAv virtual applicance (v9.10 or above) with <a href="">DTLS v1.2</a> support.</b><br/>
Cisco have finally updated to use a standard version of the DTLS protocol, where the hardware acceleration doesn't prevent it. We have tested their client and OpenConnect against <a href="">ocserv</a> and we believe we have a compatibile implementation, but testing OpenConnect directly against a Cisco server with DTLS v1.2 would be extremely useful.</li>
<li><b>Testing a PAN GlobalProtect VPN with IPv6 internal addresses.</b><br/>
We think we know how this works, but we've not been able to test.</li>
<li><b>Various authentication methods for Pulse Secure.</b><br/>
Although it looked sane at first, the Pulse protocol has a lot of horrid
special cases. Aside from the <a href="tncc.html">Host Checker</a> most
should be working, but please test and let us know if anything is
missing or wrong.</li>
......@@ -118,8 +121,6 @@ to learn how they work.</p>
perhaps even Google Summer of Code projects.</p>
<li><b>Junos Pulse / <a href="">Pulse Connect Secure</a></b><br/>
This is the successor to the Juniper Network Connect protocol which is already supported. It's saner, simpler, and has IPv6 support. We do understand how it works, with EAP over <a href="">IF-T/TLS</a>.</li>
<li><b><a href="">CheckPoint VPN</a></b><br/>
This is an IPSec-based VPN with fallback to using the SSL transport. Some discussion of OpenConnect support in this <a href="">GitLab ticket</a>. </li>
<li><b>Cisco / Nortel IPSec VPN</b><br/>
......@@ -13,7 +13,8 @@
<p>The Host Checker mechanism is a security scanner for the <a
href="juniper.html">Juniper</a> VPNs, in the same vein as <a
href="csd.html">Cisco's CSD</a> and <a href="hip.html">GlobalProtect's
HIP</a>. It is also used by the <a href="pulse.html">Pulse Secure</a>
protocol but support it in Pulse is not included in OpenConnect yet.</p>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment