Головна сторінка Огляд Довідка
Увійти
vimacs
/
openconnect
Слідкувати 1
Зірка 0
Відгалуження 0
Файли Проблеми 0 Запити на злиття 0 Wiki
Дерево: 2448e70def
Гілки Теги
openconnect
/
www
/
index.xml

index.xml 4.0 KB
Історія Запис

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. <PAGE>
    2. 

  2. 	<INCLUDE file="inc/header.tmpl" />
    3. 

  3. 

  4. 	<VAR match="VAR_SEL_INDEX" replace="selected" />
    5. 

  5. 	<VAR match="VAR_SEL_ABOUT" replace="selected" />
    6. 

  6. 	<PARSE file="menu1.xml" />
    7. 

  7. 	<PARSE file="menu2.xml" />
    8. 

  8. 

  9. 	<INCLUDE file="inc/content.tmpl" />
    10. 

  10. 

  11. <h1>OpenConnect</h1>
    12. 

  12. <p>OpenConnect is a <a href="platforms.html">cross-platform</a> multi-protocol SSL VPN client which supports a number of VPN protocols:</p>
    13. 

  13. 

  14. <ul>
    15. 

  15.   <li><a href="anyconnect.html">Cisco AnyConnect</a> (<tt>--protocol=anyconnect</tt>)</li>
    16. 

  16.   <li><a href="array.html">Array Networks AG SSL VPN</a> (<tt>--protocol=array</tt>)</li>
    17. 

  17.   <li><a href="juniper.html">Juniper SSL VPN</a> (<tt>--protocol=nc</tt>)</li>
    18. 

  18.   <li><a href="pulse.html">Pulse Connect Secure</a> (<tt>--protocol=pulse</tt></li>
    19. 

  19.   <li><a href="globalprotect.html">Palo Alto Networks GlobalProtect SSL VPN</a> (<tt>--protocol=gp</tt>)</li>
    20. 

  20.   <li><a href="f5.html">F5 Big-IP SSL VPN</a> (<tt>--protocol=f5</tt>)</li>
    21. 

  21.   <li><a href="fortinet.html">Fortinet Fortigate SSL VPN</a> (<tt>--protocol=fortinet</tt>)</li>
    22. 

  22. </ul>
    23. 

  23. 

  24. <p>OpenConnect is not officially supported by, or associated in any way
    25. 

  25. with Cisco Systems, Juniper Networks, Pulse Secure, Palo Alto Networks, F5,
    26. 

  26. or Fortinet, or any of the companies whose protocols we may support in the future.
    27. 

  27. It just happens to interoperate with their equipment. Trademarks belong to
    28. 

  28. their owners in a rather tautological and obvious fashion.</p>
    29. 

  29. 

  30. <p>An openconnect VPN server (<a
    31. 

  31. href="https://www.infradead.org/ocserv">ocserv</a>), which implements
    32. 

  32. an improved version of the Cisco AnyConnect protocol, has also been
    33. 

  33. written.</p>
    34. 

  34. 

  35. <p>OpenConnect is released under the <a href="licence.html">GNU Lesser Public License, version 2.1</a>.</p>
    36. 

  36. 

  37. <h2>Motivation</h2>
    38. 

  38. 

  39. <p>Development of OpenConnect was started after a trial of the Cisco AnyConnect
    40. 

  40. client under Linux found it to have many deficiencies:</p>
    41. 

  41. <ul>
    42. 

  42.   <li>Inability to use SSL certificates from a <a href="https://en.wikipedia.org/wiki/Trusted_Platform_Module">TPM</a> or
    43. 

  43.   <a href="https://en.wikipedia.org/wiki/PKCS11">PKCS#11</a> smartcard, or even use a passphrase.</li>
    44. 

  44.   <li>Lack of support for Linux platforms other than i386.</li>
    45. 

  45.   <li>Lack of integration with NetworkManager on the Linux desktop.</li>
    46. 

  46.   <li>Lack of proper (RPM/DEB) packaging for Linux distributions.</li>
    47. 

  47.   <li>"Stealth" use of libraries with <tt>dlopen()</tt>, even using
    48. 

  48.       the development-only symlinks such as <tt>libz.so</tt> &#8212;
    49. 

  49.       making it hard to properly discover the dependencies which
    50. 

  50.       proper packaging would have expressed</li>
    51. 

  51.   <li>Tempfile races allowing unprivileged users to trick it into overwriting arbitrary files, as root.</li>
    52. 

  52.   <li>Unable to run as an unprivileged user, which would have reduced the severity of the above bug.</li>
    53. 

  53.   <li>Inability to audit the source code for further such "Security 101" bugs.</li>
    54. 

  54. </ul>
    55. 

  55. 

  56. <p>Naturally, OpenConnect addresses all of the above issues, and more.</p>
    57. 

  57. 

  58. <h2>New protocols</h2>
    59. 

  59. <p>Adding new protocols to OpenConnect is relatively simple, and
    60. 

  60. additional protocols have been added over the years since using
    61. 

  61. OpenConnect allows a developer to concentrate on the protocol itself
    62. 

  62. and most of the boring details about platform-specific tunnel management
    63. 

  63. and IP configuration, and handling of client SSL certificates, are already
    64. 

  64. resolved.</p>
    65. 

  65. 

  66. <p>If you have a protocol which you think it makes sense to support in
    67. 

  67. OpenConnect, especially if you are able to help with interoperability
    68. 

  68. testing, please file an <a href="https://gitlab.com/openconnect/openconnect/-/issues">issue</a>
    69. 

  69. in GitLab.
    70. 

  70. </p>
    71. 

  71. 

  72. <h2>Consistent multi-protocol support</h2>
    73. 

  73. 

  74. <p>Wherever possible, OpenConnect presents a uniform API and command-line
    75. 

  75. interface to each of these VPNs. For example,
    76. 

  76. <a href="manual.html"><tt>openconnect --force-dpd=10</tt></a>
    77. 

  77. will attempt dead peer detection every 10 seconds on every VPN that
    78. 

  78. supports it, even though the actual mechanism used may be protocol-specific.
    79. 

  79. Protocol-specific features and deficiencies are described on the
    80. 

  80. <a href="protocols.html">individual protocol pages</a>.</p>
    81. 

  81. 

  82. 	<INCLUDE file="inc/footer.tmpl" />
    83. 

  83. </PAGE>
    84. 

  84.