diff --git a/main.c b/main.c index 1ef54813..379cf5de 100644 --- a/main.c +++ b/main.c @@ -863,8 +863,8 @@ static void usage(void) printf(" -x, --xmlconfig=CONFIG %s\n", _("XML config file")); printf(" -m, --mtu=MTU %s\n", _("Request MTU from server (legacy servers only)")); printf(" --base-mtu=MTU %s\n", _("Indicate path MTU to/from server")); - printf(" -d, --deflate %s\n", _("Enable compression (default)")); - printf(" -D, --no-deflate %s\n", _("Disable compression")); + printf(" -d, --deflate %s\n", _("Enable stateful compression (default is stateless only)")); + printf(" -D, --no-deflate %s\n", _("Disable all compression")); printf(" --force-dpd=INTERVAL %s\n", _("Set minimum Dead Peer Detection interval")); printf(" --pfs %s\n", _("Require perfect forward secrecy")); printf(" --no-dtls %s\n", _("Disable DTLS and ESP")); diff --git a/www/anyconnect.xml b/www/anyconnect.xml index 5ee1ce17..fd7e90ac 100644 --- a/www/anyconnect.xml +++ b/www/anyconnect.xml @@ -59,7 +59,7 @@ The username/password for OpenSSL RT is 'guest/guest'
Support for Cisco's version of DTLS was included in GnuTLS from 3.0.21 onwards.
+Support for Cisco's version of DTLS was included in GnuTLS from 3.0.21 onwards (commited in fd5ca1af).
GlobalProtect mode is requested by adding --protocol=gp +to the command line: +
+ openconnect --protocol=gp vpn.example.com ++
To authenticate, you connect to the secure web server (POST
diff --git a/www/index.xml b/www/index.xml
index 28d0b95a..ec2147e9 100644
--- a/www/index.xml
+++ b/www/index.xml
@@ -9,15 +9,18 @@
OpenConnect
-
OpenConnect is an SSL VPN client initially created to support Cisco's AnyConnect SSL VPN. It has since been ported to support the Juniper SSL VPN which is now known as Pulse Connect Secure.
+OpenConnect is an SSL VPN client initially created to support Cisco's AnyConnect SSL VPN. +It has since been ported to support the Juniper SSL VPN (which is now known as Pulse Connect Secure), +and to the Palo Alto Networks GlobalProtect SSL VPN.
OpenConnect is released under the GNU Lesser Public License, version 2.1.
Like vpnc, OpenConnect is not officially supported by, or associated in any way -with, Cisco Systems, Juniper Networks or Pulse Secure. It just happens to interoperate with their equipment. +with, Cisco Systems, Juniper Networks, Pulse Secure, or Palo Alto Networks. +It just happens to interoperate with their equipment.
-Development of OpenConnect was started after a trial of the Cisco +
Development of OpenConnect was started after a trial of the Cisco client under Linux found it to have many deficiencies:
For the time being, Juniper mode is requested by adding --juniper +
Juniper mode is requested by adding --protocol=nc to the command line:
- openconnect --juniper vpn.example.com + openconnect --protocol=nc vpn.example.com
Network Connect works very similarly to @@ -65,7 +65,7 @@ pass the cookie to OpenConnect with its -C option, for example:
-Many sites require a Java applet to run certain tests as a precondition of authentication. This works by sending a DSPREAUTH cookie @@ -80,7 +80,7 @@ along with the tncc-preload.so from this repository. It may also be necessary to pass a Mozilla-compatible user agent string:
- ./openconnect --juniper --useragent 'Mozilla/5.0 (Linux) Firefox' --csd-wrapper=./tncc-wrapper.py vpn.example.com + ./openconnect --protocol=nc --useragent 'Mozilla/5.0 (Linux) Firefox' --csd-wrapper=./tncc-wrapper.py vpn.example.com