![]() Ideal processing for an internal client are: ![]() This feature of the GlobalProtect service behave differently from an external connection, and openconnect in his current version stop with an error message: GlobalProtect login returned connection-type=notunnel (expected tunnel) Failed to parse server response Failed to obtain WebVPN cookieĪs we understand it, auth-globalprotect.c need to be rewrited to handle the connection-type=notunnel, and then start a different exchange with the globalprotect gateway, providing xml responses that differ from those on external gateway. GlobalProtect can be used as an agent to identify the user on internal network, allowing the firewall to give user's rights based on ldap attributes and not on an static ip assignation. This may be a feature that's goes behond openconnect purpose, but I'll ask anyway as we already investigate it on dlenski github project.
0 Comments
Leave a Reply. |