Multi-protocol support documentation

author Daniel Lenski <dlenski@gmail.com>

Thu, 8 Apr 2021 21:32:32 +0000 (14:32 -0700)

committer Daniel Lenski <dlenski@gmail.com>

Thu, 8 Apr 2021 21:50:52 +0000 (14:50 -0700)
author Daniel Lenski <dlenski@gmail.com>
Thu, 8 Apr 2021 21:32:32 +0000 (14:32 -0700)
committer Daniel Lenski <dlenski@gmail.com>
Thu, 8 Apr 2021 21:50:52 +0000 (14:50 -0700)
diff --git a/www/Makefile.am b/www/Makefile.am

index b0c89044b46354f6445c523ed7ad2396e2eed365..971f26febde5f6f84d8ba102105367245e39ee21 100644 (file)
--- a/www/Makefile.am
+++ b/www/Makefile.am
@@ -6,7 +6,7 @@ CONV    = "$(srcdir)/html.py"
  FTR_PAGES = csd.html charset.html token.html pkcs11.html tpm.html features.html gui.html nonroot.html hip.html tncc.html
  START_PAGES = building.html connecting.html manual.html vpnc-script.html
  INDEX_PAGES = changelog.html download.html index.html packages.html platforms.html licence.html
-PROTO_PAGES = anyconnect.html fortinet.html f5.html globalprotect.html juniper.html pulse.html
+PROTO_PAGES = protocols.html anyconnect.html fortinet.html f5.html globalprotect.html juniper.html pulse.html
  TOPLEVEL_PAGES = contribute.html mail.html
  
  ALL_PAGES = $(FTR_PAGES) $(START_PAGES) $(INDEX_PAGES) $(TOPLEVEL_PAGES) $(PROTO_PAGES)
diff --git a/www/index.xml b/www/index.xml

index 45929336afd53e8f81e2342353c72d5e57f7edf3..ae92d10327e1b5b0be824536e2cfa1f7e622290f 100644 (file)
--- a/www/index.xml
+++ b/www/index.xml
@@ -9,21 +9,19 @@
         <INCLUDE file="inc/content.tmpl" />
  
  <h1>OpenConnect</h1>
-<p>OpenConnect is an SSL VPN client initially created to support Cisco's <a href="http://www.cisco.com/go/asm">AnyConnect SSL VPN</a>.
-It has since been ported to support the Juniper SSL VPN (which is now known as <a href="https://www.pulsesecure.net/products/connect-secure/">Pulse Connect Secure</a>),
-and the <a href="https://www.paloaltonetworks.com/features/vpn">Palo Alto Networks GlobalProtect SSL VPN</a>.</p>
+<p>OpenConnect is an SSL VPN client initially created to support Cisco's <a href="http://www.cisco.com/go/asm">AnyConnect SSL VPN</a></p>
+
+<p>It has since been ported to support several other proprietary VPN protocols:
+the Juniper SSL VPN (which is now known as <a href="https://www.pulsesecure.net/products/connect-secure/">Pulse Connect Secure</a>),
+the <a href="https://www.paloaltonetworks.com/features/vpn">Palo Alto Networks GlobalProtect SSL VPN</a>,
+the <a href="https://www.f5.com/products/big-ip-services">F5 Big-IP SSL VPN</a>,
+and the <a href="https://www.fortinet.com/products/vpn">Fortinet Fortigate SSL VPN</a>.</p>
  
  <p>An openconnect VPN server (<a href="https://www.infradead.org/ocserv">ocserv</a>), which implements an improved version of the Cisco AnyConnect protocol,
  has also been written.</p>
  
  <p>OpenConnect is released under the <a href="licence.html">GNU Lesser Public License, version 2.1</a>.</p>
  
-<p>Like <a href="http://www.unix-ag.uni-kl.de/~massar/vpnc/">vpnc</a>,
-OpenConnect is not officially supported by, or associated in any way
-with, Cisco Systems, Juniper Networks, Pulse Secure, or Palo Alto Networks.
-It just happens to interoperate with their equipment.
-</p>
-
  <h2>Motivation</h2>
  
  <p>Development of OpenConnect was started after a trial of the Cisco
@@ -46,5 +44,21 @@ client under Linux found it to have many deficiencies:</p>
  <p>Naturally, OpenConnect addresses all of the above issues, and more.
  </p>
  
+<h2>Multi-protocol support</h2>
+
+<p>Like <a href="http://www.unix-ag.uni-kl.de/~massar/vpnc/">vpnc</a>,
+OpenConnect is not officially supported by, or associated in any way
+with Cisco Systems, nor with Juniper Networks, Pulse Secure,
+Palo Alto Networks, F5, or Fortinet.
+It just happens to interoperate with their equipment.</p>
+
+<p>Wherever possible, OpenConnect presents a uniform API and command-line
+interface to each of these VPNs. For example,
+<a href="manual.html"><tt>openconnect --force-dpd=10</tt></a>
+will attempt dead peer detection every 10 seconds on every VPN that
+supports it, even though the actual mechanism used may be protocol-specific.
+Protocol-specific features and deficiencies are described on the
+<a href="protocol.html">individual protocol pages</a>.</p>
+
         <INCLUDE file="inc/footer.tmpl" />
  </PAGE>
diff --git a/www/menu1.xml b/www/menu1.xml

index 511e3ef5828e252845a6b92225ff2954b055db65..f5849a67e9949d4a5ad0aff970499c86fe8e97bf 100644 (file)
--- a/www/menu1.xml
+++ b/www/menu1.xml
@@ -5,7 +5,7 @@
         <MENU topic="Getting Started" link="building.html" mode="VAR_SEL_STARTED" />
         <MENU topic="Mailing List / Help" link="mail.html" mode="VAR_SEL_MAIL" />
         <MENU topic="Contribute" link="contribute.html" mode="VAR_SEL_CONTRIBUTE" />
-       <MENU topic="Protocols" link="anyconnect.html" mode="VAR_SEL_PROTOCOLS" />
+       <MENU topic="Protocols" link="protocols.html" mode="VAR_SEL_PROTOCOLS" />
         <MENU topic="VPN Server" link="http://www.infradead.org/ocserv/" mode="VAR_SEL_SERVER" />
         <MENU topic="OpenConnect VPN client" link="" mode="text" />
         <ENDMENU />
diff --git a/www/protocols.xml b/www/protocols.xml

new file mode 100644 (file)

index 0000000..e93aeb7
--- /dev/null
+++ b/www/protocols.xml
@@ -0,0 +1,36 @@
+<PAGE>
+       <INCLUDE file="inc/header.tmpl" />
+
+       <VAR match="VAR_SEL_PROTOCOLS" replace="selected" />
+       <VAR match="VAR_SEL_ANYCONNECT" replace="selected" />
+       <PARSE file="menu1.xml" />
+       <PARSE file="menu2-protocols.xml" />
+
+       <INCLUDE file="inc/content.tmpl" />
+
+<h1>Protocols</h1>
+
+<p>OpenConnect was initially created to support Cisco's AnyConnect SSL VPN. This remains the default protocol used by the client, if not otherwise specified.
+See <a href="manual.xml">the <tt>--protocol</tt> option</a> for how to use a different protocol with the command-line client.</p>
+
+<p>The following pages document protocol-specific features and deficiencies:</p>
+
+<ul>
+  <li><a href="anyconnect.html">Details</a> on support for
+  Cisco's <a href="http://www.cisco.com/go/asm">AnyConnect SSL VPN</a> (<tt>--protocol=anyconnect</tt>).
+  The OpenConnect VPN server, <a href="https://ocserv.gitlab.io/www/index.html">ocserv</a>, now implements an improved version of this protocol.</li>
+  <li><a href="juniper.html">Details</a> on support for
+  Juniper SSL VPN (<tt>--protocol=nc</tt>)</li>
+  <li><a href="juniper.html">Details</a> on support for
+  <a href="https://www.pulsesecure.net/products/connect-secure/">Pulse Connect Secure</a> SSL VPN (<tt>--protocol=pulse</tt>;
+  most Pulse VPNs also support the older Juniper protocol, unless explicitly disabled)</li>
+  <li><a href="globalprotect.html">Details</a> on support for
+  <a href="https://www.paloaltonetworks.com/features/vpn">Palo Alto Networks GlobalProtect SSL VPN</a> (<tt>--protocol=gp</tt>)</li>
+  <li><a href="f5.html">Details</a> on support for
+  <a href="https://www.f5.com/products/big-ip-services">F5 Big-IP SSL VPN</a> (<tt>--protocol=f5</tt>; PPP-based)</li>
+  <li><a href="fortinet.html">Details</a> on support for
+  <a href="https://www.fortinet.com/products/vpn">Fortinet Fortigate SSL VPN</a> (<tt>--protocol=fortinet</tt>; PPP-based)</li>
+</ul>
+
+       <INCLUDE file="inc/footer.tmpl" />
+</PAGE>
author	Daniel Lenski <dlenski@gmail.com>
	Thu, 8 Apr 2021 21:32:32 +0000 (14:32 -0700)
committer	Daniel Lenski <dlenski@gmail.com>
	Thu, 8 Apr 2021 21:50:52 +0000 (14:50 -0700)
www/Makefile.am		patch \| blob \| history
www/index.xml		patch \| blob \| history
www/menu1.xml		patch \| blob \| history
www/protocols.xml	[new file with mode: 0644]	patch \| blob