Fill in a few missing references to GlobalProtect, TNCC, and DTLS sup…

…port in the docs

Also clarifies the command-line options regarding compression

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

main.c

@@ -863,8 +863,8 @@ static void usage(void)
 	printf("  -x, --xmlconfig=CONFIG          %s\n", _("XML config file"));
 	printf("  -m, --mtu=MTU                   %s\n", _("Request MTU from server (legacy servers only)"));
 	printf("      --base-mtu=MTU              %s\n", _("Indicate path MTU to/from server"));
-	printf("  -d, --deflate                   %s\n", _("Enable compression (default)"));
-	printf("  -D, --no-deflate                %s\n", _("Disable compression"));
+	printf("  -d, --deflate                   %s\n", _("Enable stateful compression (default is stateless only)"));
+	printf("  -D, --no-deflate                %s\n", _("Disable all compression"));
 	printf("      --force-dpd=INTERVAL        %s\n", _("Set minimum Dead Peer Detection interval"));
 	printf("      --pfs                       %s\n", _("Require perfect forward secrecy"));
 	printf("      --no-dtls                   %s\n", _("Disable DTLS and ESP"));

www/anyconnect.xml

@@ -59,7 +59,7 @@ The username/password for OpenSSL RT is 'guest/guest'
 
 <h3>GnuTLS</h3>
 
-<p>Support for Cisco's version of DTLS was included in GnuTLS from 3.0.21 onwards.</p>
+<p>Support for Cisco's version of DTLS was included in GnuTLS from 3.0.21 onwards (<a href="https://gitlab.com/nmav/gnutls/commit/fd5ca1afb7b223f1ce0c5330f2611996491c6aae">commited in <tt>fd5ca1af</tt></a>).</p>
 
 	<INCLUDE file="inc/footer.tmpl" />
 </PAGE>

www/features.xml

@@ -24,7 +24,7 @@
   <li>Automatic update of VPN server list / configuration.</li>
   <li>Roaming support, allowing reconnection when the local IP address changes.</li>
   <li>Run without root privileges <i>(see <a href="nonroot.html">here</a>)</i>.</li>
-  <li>Support for "Cisco Secure Desktop" <i>(see <a href="csd.html">here</a>)</i> and "GlobalProtect HIP report" <i>(see <a href="hip.html">here</a>)</i>.</li>
+  <li>Support for "Cisco Secure Desktop" <i>(see <a href="csd.html">here</a>)</i>, Juniper TNCC <i>(see <a href="juniper.html#tncc">here</a>)</i>, and "GlobalProtect HIP report" <i>(see <a href="hip.html">here</a>)</i>.</li>
   <li>Graphical connection tools for various environments <i>(see <a href="gui.html">here</a>)</i>.</li>
 </ul>
 

www/globalprotect.xml

@@ -16,6 +16,12 @@
 href="https://tools.ietf.org/html/rfc3948">ESP</a>, with routing and
 configuration information distributed in XML format.</p>
 
+<p>GlobalProtect mode is requested by adding <tt>--protocol=gp</tt>
+to the command line:
+<pre>
+  openconnect --protocol=gp vpn.example.com
+</pre></p>
+
 <h3>Authentication</h3>
 
 <p>To authenticate, you connect to the secure web server (<tt>POST

www/index.xml

@@ -9,15 +9,18 @@
 	<INCLUDE file="inc/content.tmpl" />
 
 <h1>OpenConnect</h1>
-<p>OpenConnect is an SSL VPN client initially created to support Cisco's <a href="http://www.cisco.com/go/asm">AnyConnect SSL VPN</a>. It has since been ported to support the Juniper SSL VPN which is now known as <a href="https://www.pulsesecure.net/products/connect-secure/">Pulse Connect Secure</a>.</p>
+<p>OpenConnect is an SSL VPN client initially created to support Cisco's <a href="http://www.cisco.com/go/asm">AnyConnect SSL VPN</a>.
+It has since been ported to support the Juniper SSL VPN (which is now known as <a href="https://www.pulsesecure.net/products/connect-secure/">Pulse Connect Secure</a>),
+and to the <a href="https://www.paloaltonetworks.com/features/vpn">Palo Alto Networks GlobalProtect SSL VPN</a>.</p>
 
 <p>OpenConnect is released under the GNU Lesser Public License, version 2.1.</p>
 
 <p>Like <a href="http://www.unix-ag.uni-kl.de/~massar/vpnc/">vpnc</a>,
 OpenConnect is not officially supported by, or associated in any way
-with, Cisco Systems, Juniper Networks or Pulse Secure. It just happens to interoperate with their equipment.
+with, Cisco Systems, Juniper Networks, Pulse Secure, or Palo Alto Networks.
+It just happens to interoperate with their equipment.
 </p>
-<p>Development of OpenConnect was started after a trial of the Cisco 
+<p>Development of OpenConnect was started after a trial of the Cisco
 client under Linux found it to have many deficiencies:</p>
 <ul>
   <li>Inability to use SSL certificates from a <a href="http://en.wikipedia.org/wiki/Trusted_Platform_Module">TPM</a> or

www/juniper.xml

@@ -16,10 +16,10 @@ experimental, and is quite likely to be deprecated in favour of the newer
 <a href="http://www.juniper.net/techpubs/en_US/junos-pulse4.0/topics/reference/a-c-c-nc-comparing.html">Junos
 Pulse</a> protocol.</p>
 
-<p>For the time being, Juniper mode is requested by adding <tt>--juniper</tt>
+<p>Juniper mode is requested by adding <tt>--protocol=nc</tt>
 to the command line:
 <pre>
-  openconnect --juniper vpn.example.com
+  openconnect --protocol=nc vpn.example.com
 </pre></p>
 
 <p>Network Connect works very similarly to
@@ -65,7 +65,7 @@ pass the cookie to OpenConnect with its <tt>-C</tt> option, for example:
 </pre>
 </p>
 
-<h3>Host Checker (tncc.jar)</h3>
+<a name="tncc"><h3>Host Checker (tncc.jar)</h3></a>
 
 <p>Many sites require a Java applet to run certain tests as a precondition
 of authentication. This works by sending a <tt>DSPREAUTH</tt> cookie
@@ -80,7 +80,7 @@ along with the <tt>tncc-preload.so</tt> from
 <a href="https://github.com/russdill/ncsvc-socks-wrapper">this repository</a>.
 It may also be necessary to pass a Mozilla-compatible user agent string:
 <pre>
-  ./openconnect --juniper --useragent  'Mozilla/5.0 (Linux) Firefox' --csd-wrapper=./tncc-wrapper.py vpn.example.com
+  ./openconnect --protocol=nc --useragent 'Mozilla/5.0 (Linux) Firefox' --csd-wrapper=./tncc-wrapper.py vpn.example.com
 </pre>
 </p>