Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
- Loading branch information
David Woodhouse
authored and
David Woodhouse
committed
Oct 30, 2008
1 parent
20a70de
commit 7f3e9d0
Showing
1 changed file
with
226 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,226 @@ | ||
.TH OPENCONNECT 8 | ||
.SH NAME | ||
openconnect \- Connect to Cisco AnyConnect VPN | ||
.SH SYNOPSIS | ||
.B openconnect | ||
[ | ||
.B -c,--certificate | ||
.I CERT | ||
] | ||
[ | ||
.B -k,--sslkey | ||
.I KEY | ||
] | ||
[ | ||
.B -C,--cookie | ||
.I COOKIE | ||
] | ||
[ | ||
.B --cookie-on-stdin | ||
] | ||
[ | ||
.B -d,--deflate | ||
] | ||
[ | ||
.B -D,--no-deflate | ||
] | ||
[ | ||
.B -h,--help | ||
] | ||
[ | ||
.B -i,--interface | ||
.I IFNAME | ||
] | ||
[ | ||
.B -l,--syslog | ||
] | ||
[ | ||
.B -U,--setuid | ||
.I USER | ||
] | ||
[ | ||
.B -m,--mtu | ||
.I MTU | ||
] | ||
[ | ||
.B -p,--tpm-password | ||
.I PASS | ||
] | ||
[ | ||
.B -q,--quiet | ||
] | ||
[ | ||
.B -Q,--queue-len | ||
.I LEN | ||
] | ||
[ | ||
.B -s,--script | ||
.I SCRIPT | ||
] | ||
[ | ||
.B -S,--script-tun | ||
] | ||
[ | ||
.B -t,--tpm | ||
] | ||
[ | ||
.B -T,--tun-fd | ||
] | ||
[ | ||
.B -u,--user | ||
.I NAME | ||
] | ||
[ | ||
.B -V,--version | ||
] | ||
[ | ||
.B -v,--verbose | ||
] | ||
[ | ||
.B -x,--xmlconfig | ||
.I CONFIG | ||
] | ||
[ | ||
.B --cookieonly | ||
] | ||
[ | ||
.B --printcookie | ||
] | ||
[ | ||
.B --cafile | ||
.I FILE | ||
] | ||
[ | ||
.B --no-dtls | ||
] | ||
[ | ||
.B --passwd-on-stdin | ||
] | ||
\fIserver\fR | ||
|
||
.SH DESCRIPTION | ||
The program | ||
.B openconnect | ||
connects to Cisco "AnyConnect" VPN servers, which use standard TLS | ||
and DTLS protocols for data transport. | ||
|
||
The connection happens in two phases. First there is a simple HTTPS | ||
connection over which the user authenticates somehow \- by using a | ||
certificate, or password or SecurID, etc. Having authenticated, the | ||
user is rewarded with an HTTP cookie which can be used to make the | ||
real VPN connection. | ||
|
||
The second phase uses that cookie in an HTTPS | ||
.I CONNECT | ||
request, and data packets can be passed over the resulting | ||
connection. In auxiliary headers exchanged with the | ||
.I CONNECT | ||
request, a Session-ID and Master Secret for a DTLS connection are also | ||
exchanged, which allows data transport over UDP to occur. | ||
|
||
|
||
.SH OPTIONS | ||
.TP | ||
.B -c,--certificate=CERT | ||
Use SSL client certificate | ||
.I CERT | ||
.TP | ||
.B -k,--sslkey=KEY | ||
Use SSL private key file | ||
.I KEY | ||
.TP | ||
.B -C,--cookie=COOKIE | ||
Use WebVPN cookie | ||
.I COOKIE | ||
.TP | ||
.B --cookie-on-stdin | ||
Read cookie from standard input | ||
.TP | ||
.B -d,--deflate | ||
Enable compression (default) | ||
.TP | ||
.B -D,--no-deflate | ||
Disable compression | ||
.TP | ||
.B -h,--help | ||
Display help text | ||
.TP | ||
.B -i,--interface=IFNAME | ||
Use | ||
.I IFNAME | ||
for tunnel interface | ||
.TP | ||
.B -l,--syslog | ||
Use syslog for progress messages | ||
.TP | ||
.B -U,--setuid=USER | ||
Drop privileges after connecting, to become user | ||
.I USER | ||
.TP | ||
.B -m,--mtu=MTU | ||
Request | ||
.I MTU | ||
from server | ||
.TP | ||
.B -p,--tpm-password=PASS | ||
Provide SRK (System Root Key) PIN for TPM | ||
.TP | ||
.B -q,--quiet | ||
Less output | ||
.TP | ||
.B -Q,--queue-len=LEN | ||
Set packet queue limit to | ||
.I LEN | ||
pkts | ||
.TP | ||
.B -s,--script=SCRIPT | ||
Use vpnc-compatible config script | ||
.TP | ||
.B -S,--script-tun | ||
Pass traffic to 'script' program, not tun | ||
.TP | ||
.B -t,--tpm | ||
Use TPM engine for private key | ||
.TP | ||
.B -T,--tun-fd | ||
File descriptor to use for passing traffic | ||
.TP | ||
.B -u,--user=NAME | ||
Set login username to | ||
.I NAME | ||
.TP | ||
.B -V,--version | ||
Report version number | ||
.TP | ||
.B -v,--verbose | ||
More output | ||
.TP | ||
.B -x,--xmlconfig=CONFIG | ||
XML config file | ||
.TP | ||
.B --cookieonly | ||
Fetch webvpn cookie only; don't connect | ||
.TP | ||
.B --printcookie | ||
Print webvpn cookie before connecting | ||
.TP | ||
.B --cafile=FILE | ||
Cert file for server verification | ||
.TP | ||
.B --no-dtls | ||
Disable DTLS | ||
.TP | ||
.B --passwd-on-stdin | ||
Read password from standard input | ||
|
||
.SH LIMITATIONS | ||
The | ||
.B openconnect | ||
client does not yet support IPv6 connectivity, although it is known | ||
that Cisco's servers do. We have not yet found a suitably configured | ||
server against which we can test IPv6 functionality. Please contact | ||
the author if you are able to configure such a server so that we can | ||
test IPv6 support against it. | ||
|
||
.SH AUTHORS | ||
David Woodhouse <dwmw2@infradead.org> |