VPN client (intended to be) compatible with Cisco AnyConnect

README.DTLS

Cisco's implementation of the DTLS protocol unfortunately does not
comply with the relevant standards. OpenSSL 0.9.8m or newer, and
1.0.0-beta2 or newer, contain a compatibility mode which allows
interoperation with Cisco's servers.

As long as you are using a current version of OpenSSL, you have nothing
to worry about -- everything should work optimally.

Without a suitable OpenSSL, the openconnect client will fall back to
passing packets over the HTTPS connection. This will still work OK, but 
will suffer quite a lot if your connection has packet loss. For details
of why that happens, see http://sites.inka.de/~W1011/devel/tcp-tcp.html

If you insist on using ancient buggy versions of OpenSSL, these are the
patches you require if you want DTLS to work:

For versions of OpenSSL earlier than 0.9.8m, you'll need the Cisco
compatibility support:
	http://cvs.openssl.org/chngview?cn=18037

For versions of OpenSSL earlier than 0.9.8j, a couple of other DTLS
bug-fixes are also required:
	http://cvs.openssl.org/chngview?cn=17500
	http://cvs.openssl.org/chngview?cn=17505
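
The version thresholds above, written as a check against OpenSSL's pre-3.0 OPENSSL_VERSION_NUMBER encoding. This is an added example, not part of the openconnect source; the function and enum names are hypothetical, and treating 1.0.0 builds before beta2 as a separate case is an assumption, since the text above lists no patches for them.

```c
#include <stdio.h>

/* Thresholds from the README, in OpenSSL's pre-3.0 OPENSSL_VERSION_NUMBER
 * layout 0xMNNFFPPS (major, minor, fix, patch letter, status nibble). */
#define VER_0_9_8J      0x009080afUL  /* 0.9.8j release */
#define VER_0_9_8M      0x009080dfUL  /* 0.9.8m release */
#define VER_1_0_0_DEV   0x10000000UL  /* first 1.0.0 development build */
#define VER_1_0_0_BETA2 0x10000002UL  /* 1.0.0-beta2 */

enum dtls_support {               /* hypothetical names, for illustration */
    DTLS_NATIVE,                  /* compatibility mode built in */
    DTLS_NEEDS_COMPAT_PATCH,      /* needs cn=18037 */
    DTLS_NEEDS_COMPAT_AND_FIXES,  /* needs cn=18037, cn=17500, cn=17505 */
    DTLS_UNLISTED                 /* 1.0.0 before beta2: README lists no patches */
};

enum dtls_support classify_openssl(unsigned long v)
{
    /* Check the 1.0.0 branch first: 1.0.0-beta1 compares greater than
     * 0.9.8m numerically but predates the compatibility mode. */
    if (v >= VER_1_0_0_BETA2) return DTLS_NATIVE;
    if (v >= VER_1_0_0_DEV)   return DTLS_UNLISTED;   /* assumption */
    if (v >= VER_0_9_8M)      return DTLS_NATIVE;
    if (v >= VER_0_9_8J)      return DTLS_NEEDS_COMPAT_PATCH;
    return DTLS_NEEDS_COMPAT_AND_FIXES;
}

const char *describe(enum dtls_support s)
{
    switch (s) {
    case DTLS_NATIVE: return "DTLS works unpatched";
    case DTLS_NEEDS_COMPAT_PATCH: return "apply cn=18037";
    case DTLS_NEEDS_COMPAT_AND_FIXES: return "apply cn=18037, cn=17500, cn=17505";
    default: return "not covered by README; expect HTTPS fallback";
    }
}

int main(void)
{
    /* Constructed sample values: 0.9.8i, 0.9.8k, 0.9.8m, 1.0.0-beta1, 1.0.0 */
    unsigned long samples[] = { 0x0090809fUL, 0x009080bfUL, 0x009080dfUL,
                                0x10000001UL, 0x1000000fUL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%08lx: %s\n", samples[i], describe(classify_openssl(samples[i])));
    return 0;
}
```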