Commit ffebb560 authored by Daniel Lenski's avatar Daniel Lenski

Fill in a few missing references to GlobalProtect, TNCC, and DTLS support in the docs

Also clarifies the command-line options regarding compression
Signed-off-by: default avatarDaniel Lenski <dlenski@gmail.com>
parent a8ab34e1
......@@ -863,8 +863,8 @@ static void usage(void)
printf(" -x, --xmlconfig=CONFIG %s\n", _("XML config file"));
printf(" -m, --mtu=MTU %s\n", _("Request MTU from server (legacy servers only)"));
printf(" --base-mtu=MTU %s\n", _("Indicate path MTU to/from server"));
printf(" -d, --deflate %s\n", _("Enable compression (default)"));
printf(" -D, --no-deflate %s\n", _("Disable compression"));
printf(" -d, --deflate %s\n", _("Enable stateful compression (default is stateless only)"));
printf(" -D, --no-deflate %s\n", _("Disable all compression"));
printf(" --force-dpd=INTERVAL %s\n", _("Set minimum Dead Peer Detection interval"));
printf(" --pfs %s\n", _("Require perfect forward secrecy"));
printf(" --no-dtls %s\n", _("Disable DTLS and ESP"));
......
......@@ -59,7 +59,7 @@ The username/password for OpenSSL RT is 'guest/guest'
<h3>GnuTLS</h3>
<p>Support for Cisco's version of DTLS was included in GnuTLS from 3.0.21 onwards.</p>
<p>Support for Cisco's version of DTLS was included in GnuTLS from 3.0.21 onwards (<a href="https://gitlab.com/nmav/gnutls/commit/fd5ca1afb7b223f1ce0c5330f2611996491c6aae">commited in <tt>fd5ca1af</tt></a>).</p>
<INCLUDE file="inc/footer.tmpl" />
</PAGE>
......@@ -24,7 +24,7 @@
<li>Automatic update of VPN server list / configuration.</li>
<li>Roaming support, allowing reconnection when the local IP address changes.</li>
<li>Run without root privileges <i>(see <a href="nonroot.html">here</a>)</i>.</li>
<li>Support for "Cisco Secure Desktop" <i>(see <a href="csd.html">here</a>)</i> and "GlobalProtect HIP report" <i>(see <a href="hip.html">here</a>)</i>.</li>
<li>Support for "Cisco Secure Desktop" <i>(see <a href="csd.html">here</a>)</i>, Juniper TNCC <i>(see <a href="juniper.html#tncc">here</a>)</i>, and "GlobalProtect HIP report" <i>(see <a href="hip.html">here</a>)</i>.</li>
<li>Graphical connection tools for various environments <i>(see <a href="gui.html">here</a>)</i>.</li>
</ul>
......
......@@ -16,6 +16,12 @@
href="https://tools.ietf.org/html/rfc3948">ESP</a>, with routing and
configuration information distributed in XML format.</p>
<p>GlobalProtect mode is requested by adding <tt>--protocol=gp</tt>
to the command line:
<pre>
openconnect --protocol=gp vpn.example.com
</pre></p>
<h3>Authentication</h3>
<p>To authenticate, you connect to the secure web server (<tt>POST
......
......@@ -9,15 +9,18 @@
<INCLUDE file="inc/content.tmpl" />
<h1>OpenConnect</h1>
<p>OpenConnect is an SSL VPN client initially created to support Cisco's <a href="http://www.cisco.com/go/asm">AnyConnect SSL VPN</a>. It has since been ported to support the Juniper SSL VPN which is now known as <a href="https://www.pulsesecure.net/products/connect-secure/">Pulse Connect Secure</a>.</p>
<p>OpenConnect is an SSL VPN client initially created to support Cisco's <a href="http://www.cisco.com/go/asm">AnyConnect SSL VPN</a>.
It has since been ported to support the Juniper SSL VPN (which is now known as <a href="https://www.pulsesecure.net/products/connect-secure/">Pulse Connect Secure</a>),
and to the <a href="https://www.paloaltonetworks.com/features/vpn">Palo Alto Networks GlobalProtect SSL VPN</a>.</p>
<p>OpenConnect is released under the GNU Lesser Public License, version 2.1.</p>
<p>Like <a href="http://www.unix-ag.uni-kl.de/~massar/vpnc/">vpnc</a>,
OpenConnect is not officially supported by, or associated in any way
with, Cisco Systems, Juniper Networks or Pulse Secure. It just happens to interoperate with their equipment.
with, Cisco Systems, Juniper Networks, Pulse Secure, or Palo Alto Networks.
It just happens to interoperate with their equipment.
</p>
<p>Development of OpenConnect was started after a trial of the Cisco
<p>Development of OpenConnect was started after a trial of the Cisco
client under Linux found it to have many deficiencies:</p>
<ul>
<li>Inability to use SSL certificates from a <a href="http://en.wikipedia.org/wiki/Trusted_Platform_Module">TPM</a> or
......
......@@ -16,10 +16,10 @@ experimental, and is quite likely to be deprecated in favour of the newer
<a href="http://www.juniper.net/techpubs/en_US/junos-pulse4.0/topics/reference/a-c-c-nc-comparing.html">Junos
Pulse</a> protocol.</p>
<p>For the time being, Juniper mode is requested by adding <tt>--juniper</tt>
<p>Juniper mode is requested by adding <tt>--protocol=nc</tt>
to the command line:
<pre>
openconnect --juniper vpn.example.com
openconnect --protocol=nc vpn.example.com
</pre></p>
<p>Network Connect works very similarly to
......@@ -65,7 +65,7 @@ pass the cookie to OpenConnect with its <tt>-C</tt> option, for example:
</pre>
</p>
<h3>Host Checker (tncc.jar)</h3>
<a name="tncc"><h3>Host Checker (tncc.jar)</h3></a>
<p>Many sites require a Java applet to run certain tests as a precondition
of authentication. This works by sending a <tt>DSPREAUTH</tt> cookie
......@@ -80,7 +80,7 @@ along with the <tt>tncc-preload.so</tt> from
<a href="https://github.com/russdill/ncsvc-socks-wrapper">this repository</a>.
It may also be necessary to pass a Mozilla-compatible user agent string:
<pre>
./openconnect --juniper --useragent 'Mozilla/5.0 (Linux) Firefox' --csd-wrapper=./tncc-wrapper.py vpn.example.com
./openconnect --protocol=nc --useragent 'Mozilla/5.0 (Linux) Firefox' --csd-wrapper=./tncc-wrapper.py vpn.example.com
</pre>
</p>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment