Kezdőlap Felfedezés Súgó
Bejelentkezés
vimacs
/
openconnect
Figyelés 1
Kedvenc 0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Fa: 2448e70def
Branch-ok Tag-ek
openconnect
/
www
/
pulse.xml

pulse.xml 2.0 KB
Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 
  1. <PAGE>
    2. 

  2. 	<INCLUDE file="inc/header.tmpl" />
    3. 

  3. 

  4. 	<VAR match="VAR_SEL_PROTOCOLS" replace="selected" />
    5. 

  5. 	<VAR match="VAR_SEL_PULSE" replace="selected" />
    6. 

  6. 	<PARSE file="menu1.xml" />
    7. 

  7. 	<PARSE file="menu2-protocols.xml" />
    8. 

  8. 

  9. 	<INCLUDE file="inc/content.tmpl" />
    10. 

  10. 

  11. <h1>Pulse Connect Secure</h1>
    12. 

  12. 

  13. <p>Support for Pulse Connect Secure was added to OpenConnect in June 2019,
    14. 

  14. for the 8.04 release. In most cases it supersedes the older Juniper Network
    15. 

  15. Connect support. It is a much saner protocol.</p>
    16. 

  16. 

  17. <p>Pulse mode is requested by adding <tt>--protocol=pulse</tt>
    18. 

  18. to the command line:
    19. 

  19. <pre>
    20. 

  20.   openconnect --protocol=pulse vpn.example.com
    21. 

  21. </pre></p>
    22. 

  22. 

  23. <p>The TCP transport for Pulse Connect Secure works over
    24. 

  24. <a href="https://trustedcomputinggroup.org/resource/tnc-if-t-binding-to-tls/">IF-T/TLS</a>,
    25. 

  25. first using EAP (and EAP-TTLS if certificates are being used) for
    26. 

  26. authentication and then passing traffic over IF-T messages over
    27. 

  27. the same transport. Just as with the older Juniper protocol, the UDP
    28. 

  28. transport is <a href="https://tools.ietf.org/html/rfc3948">ESP</a>.</p>
    29. 

  29. 

  30. <h2>Authentication</h2>
    31. 

  31. 

  32. <p>The authentication cookies are compatible with the
    33. 

  33. <a href="juniper.html">Juniper</a> mode, which means that external
    34. 

  34. tools like <a href="https://github.com/russdill/juniper-vpn-py">juniper-vpn-py</a>
    35. 

  35. should be usable with OpenConnect in Pulse mode too.</p>
    36. 

  36. 

  37. <h3>Host Checker</h3>
    38. 

  38. 

  39. <p>Support for Host Checker, also known as TNCC, has not yet been investigated and
    40. 

  40. implemented for Pulse mode. The Juniper support may suffice for some users.</p>
    41. 

  41. 

  42. <h2>Connectivity</h2>
    43. 

  43. 

  44. <p>Once authentication is complete, the VPN connection can be
    45. 

  45. established. Both Legacy IP and IPv6 should be working. However, some
    46. 

  46. Pulse VPNs will not provide full IPv6 connectivity unless a recent
    47. 

  47. version of the official Pulse client for Windows is spoofed (see
    48. 

  48. <a href="https://gitlab.com/openconnect/openconnect/-/issues/254#note_661398964">comment
    49. 

  49. on GitLab issue #254</a>. For example:</p>
    50. 

  50. 

  51. <pre>
    52. 

  52.   ./openconnect --protocol=pulse --useragent "Pulse-Secure/9.1.11.6725" --os=win
    53. 

  53. </pre>
    54. 

  54. 

  55. 	<INCLUDE file="inc/footer.tmpl" />
    56. 

  56. </PAGE>
    57. 

  57.