List:       openconnect-devel
Subject:    RE: Change interface mode
From:       Beau Barker <bbarker () karasent ! com>
Date:       2020-10-22 16:30:12
Message-ID: 55E33688DBC6A348A8C95292C32E683AFF325639 () ck-mail1

> > 
> > Is it possible to change the interface mode to TAP?
> 
> No. Even if OpenConnect (the client software) wanted to support this
> TAP/Layer2 mode, there is no compatible server (Cisco or ocserv) which supports
> such a mode.

That's what I figured after finding no way documented to do it.

> > I have a device that needs to connect to a remote server via VPN tunnel.  The
> > device cannot establish a VPN connection on its own and it reports the IP address
> > it is assigned to the server for communication.
> 
> That's generally a bad protocol design, to send IP information at the application
> layer and rely on being able to communicate back to the same IP, or expecting it to
> match the incoming IP. I thought those kinds of protocols were mostly fixed or
> replaced in the 90s/00s, when IPv4 NAT became pervasive…?

Exactly how I feel about the device.  It's not so much for client-server
communication, more for peer-peer communication since the developers never envisioned
the devices being on separate networks.

> > I have configured a Raspberry PI to establish the VPN tunnel and forward traffic
> > in NAT mode, but that isn't good enough since the device reports its private IP
> > address.
> 
> It should be possible to trick/torture the device into thinking that it has the
> same IP address as the Raspberry PI itself, by using iptables address-rewriting
> rules and such.

That's the route I'm pursuing now.

Thanks for getting back to me.
-Beau