Enable IPv6

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

diff --git a/cstp.c b/cstp.c
index 0896d1e..1bba405 100644 (file)
--- a/cstp.c
+++ b/cstp.c
@@ -109,9 +109,8 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
        if (vpninfo->deflate)
                openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Accept-Encoding: deflate;q=1.0\r\n");
        openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-MTU: %d\r\n", vpninfo->mtu);
-       /* To enable IPv6, send 'IPv6,IPv4'.
-          We don't know how most of that works yet though. */
-       openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Address-Type: IPv4\r\n");
+       openconnect_SSL_printf(vpninfo->https_ssl, "X-CSTP-Address-Type: %s\r\n",
+                              vpninfo->disable_ipv6?"IPv4":"IPv6,IPv4");
        openconnect_SSL_printf(vpninfo->https_ssl, "X-DTLS-Master-Secret: ");
        for (i = 0; i < sizeof(vpninfo->dtls_secret); i++)
                openconnect_SSL_printf(vpninfo->https_ssl, "%02X", vpninfo->dtls_secret[i]);

diff --git a/main.c b/main.c
index 54c6e94..d7d8911 100644 (file)
--- a/main.c
+++ b/main.c
@@ -87,6 +87,7 @@ static struct option long_options[] = {
        {"key-password-from-fsid", 0, 0, 0x02},
        {"useragent", 1, 0, 0x03},
        {"setuid-csd", 1, 0, 0x04},
+       {"disable-ipv6", 0, 0, 0x05},
        {NULL, 0, 0, 0},
 };
 
@@ -123,6 +124,7 @@ void usage(void)
        printf("      --cookieonly                Fetch webvpn cookie only; don't connect\n");
        printf("      --printcookie               Print webvpn cookie before connecting\n");
        printf("      --cafile=FILE               Cert file for server verification\n");
+       printf("      --disable-ipv6              Do not ask for IPv6 connectivity\n");
        printf("      --dtls-ciphers=LIST         OpenSSL ciphers to support for DTLS\n");
        printf("      --no-dtls                   Disable DTLS\n");
        printf("      --no-passwd                 Disable password/SecurID authentication\n");
@@ -333,6 +335,9 @@ int main(int argc, char **argv)
                        vpninfo->uid_csd_given = 1;
                        break;
                }
+               case 0x05:
+                       vpninfo->disable_ipv6 = 1;
+                       break;
                case 'Q':
                        vpninfo->max_qlen = atol(optarg);
                        if (!vpninfo->max_qlen) {

diff --git a/openconnect.8 b/openconnect.8
index 3cfcb7c..6fcef31 100644 (file)
--- a/openconnect.8
+++ b/openconnect.8
@@ -114,6 +114,9 @@ openconnect \- Connect to Cisco AnyConnect VPN
 .I FILE
 ]
 [
+.B --disable-ipv6
+]
+[
 .B --dtls-ciphers
 .I LIST
 ]
@@ -267,6 +270,9 @@ Print webvpn cookie before connecting
 .B --cafile=FILE
 Cert file for server verification
 .TP
+.B --disable-ipv6
+Do not advertise IPv6 capability to server
+.TP
 .B --dtls-ciphers=LIST
 Set OpenSSL ciphers to support for DTLS
 .TP
@@ -294,11 +300,9 @@ Use STRING as 'User-Agent:' field value in HTTP header.
 .SH LIMITATIONS
 The
 .B openconnect
-client does not yet support IPv6 connectivity, although it is known
-that Cisco's servers do. We have not yet found a suitably configured
-server against which we can test IPv6 functionality. Please contact
-the author if you are able to configure such a server so that we can
-test IPv6 support against it.
+client is not thoroughly tested with IPv6 connectivity. Please contact
+the author if you are able to access a server with IPv6 enabled, so
+that we can test IPv6 support against it.
 
 .SH AUTHORS
 David Woodhouse <dwmw2@infradead.org>

diff --git a/openconnect.h b/openconnect.h
index 1650318..47674e2 100644 (file)
--- a/openconnect.h
+++ b/openconnect.h
@@ -180,6 +180,7 @@ struct openconnect_info {
        z_stream deflate_strm;
        uint32_t deflate_adler32;
 
+       int disable_ipv6;
        int reconnect_timeout;
        int reconnect_interval;
        int dtls_attempt_period;