if (vpninfo->deflate)
openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Accept-Encoding: deflate;q=1.0\r\n");
openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-MTU: %d\r\n", vpninfo->mtu);
- /* To enable IPv6, send 'IPv6,IPv4'.
- We don't know how most of that works yet though. */
- openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Address-Type: IPv4\r\n");
+ openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Address-Type: %s\r\n",
+ vpninfo->disable_ipv6?"IPv4":"IPv6,IPv4");
openconnect_SSL_printf(vpninfo->https_ssl, "X-DTLS-Master-Secret: ");
for (i = 0; i < sizeof(vpninfo->dtls_secret); i++)
openconnect_SSL_printf(vpninfo->https_ssl, "%02X", vpninfo->dtls_secret[i]);
{"key-password-from-fsid", 0, 0, 0x02},
{"useragent", 1, 0, 0x03},
{"setuid-csd", 1, 0, 0x04},
+ {"disable-ipv6", 0, 0, 0x05},
{NULL, 0, 0, 0},
};
printf(" --cookieonly Fetch webvpn cookie only; don't connect\n");
printf(" --printcookie Print webvpn cookie before connecting\n");
printf(" --cafile=FILE Cert file for server verification\n");
+ printf(" --disable-ipv6 Do not ask for IPv6 connectivity\n");
printf(" --dtls-ciphers=LIST OpenSSL ciphers to support for DTLS\n");
printf(" --no-dtls Disable DTLS\n");
printf(" --no-passwd Disable password/SecurID authentication\n");
vpninfo->uid_csd_given = 1;
break;
}
+ case 0x05:
+ vpninfo->disable_ipv6 = 1;
+ break;
case 'Q':
vpninfo->max_qlen = atol(optarg);
if (!vpninfo->max_qlen) {
.I FILE
]
[
+.B --disable-ipv6
+]
+[
.B --dtls-ciphers
.I LIST
]
.B --cafile=FILE
Cert file for server verification
.TP
+.B --disable-ipv6
+Do not advertise IPv6 capability to server
+.TP
.B --dtls-ciphers=LIST
Set OpenSSL ciphers to support for DTLS
.TP
.SH LIMITATIONS
The
.B openconnect
-client does not yet support IPv6 connectivity, although it is known
-that Cisco's servers do. We have not yet found a suitably configured
-server against which we can test IPv6 functionality. Please contact
-the author if you are able to configure such a server so that we can
-test IPv6 support against it.
+client is not thoroughly tested with IPv6 connectivity. Please contact
+the author if you are able to access a server with IPv6 enabled, so
+that we can test IPv6 support against it.
.SH AUTHORS
David Woodhouse <dwmw2@infradead.org>
z_stream deflate_strm;
uint32_t deflate_adler32;
+ int disable_ipv6;
int reconnect_timeout;
int reconnect_interval;
int dtls_attempt_period;