printf(" -x, --xmlconfig=CONFIG %s\n", _("XML config file"));
printf(" -m, --mtu=MTU %s\n", _("Request MTU from server (legacy servers only)"));
printf(" --base-mtu=MTU %s\n", _("Indicate path MTU to/from server"));
- printf(" -d, --deflate %s\n", _("Enable compression (default)"));
- printf(" -D, --no-deflate %s\n", _("Disable compression"));
+ printf(" -d, --deflate %s\n", _("Enable stateful compression (default is stateless only)"));
+ printf(" -D, --no-deflate %s\n", _("Disable all compression"));
printf(" --force-dpd=INTERVAL %s\n", _("Set minimum Dead Peer Detection interval"));
printf(" --pfs %s\n", _("Require perfect forward secrecy"));
printf(" --no-dtls %s\n", _("Disable DTLS and ESP"));
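Review bot: On the `-d, --deflate` line, the parenthetical "(default is stateless only)" describes what happens when neither flag is given, yet it is attached to the option that changes that default, so it can be read as describing `-d` itself. Consider "Enable stateful compression (default: stateless compression only)", or state the default on a line of its own in the usage output. Both changed strings are wrapped in `_()`, so the two messages will also need refreshing in the translation catalogues.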
<h3>GnuTLS</h3>
-<p>Support for Cisco's version of DTLS was included in GnuTLS from 3.0.21 onwards.</p>
+<p>Support for Cisco's version of DTLS was included in GnuTLS from 3.0.21 onwards (<a href="https://gitlab.com/nmav/gnutls/commit/fd5ca1afb7b223f1ce0c5330f2611996491c6aae">commited in <tt>fd5ca1af</tt></a>).</p>
<INCLUDE file="inc/footer.tmpl" />
</PAGE>
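Review bot: Typo in the added link text on the GnuTLS paragraph: "commited" should be "committed". The rest of the sentence reads fine with the parenthetical in place.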
<li>Automatic update of VPN server list / configuration.</li>
<li>Roaming support, allowing reconnection when the local IP address changes.</li>
<li>Run without root privileges <i>(see <a href="nonroot.html">here</a>)</i>.</li>
- <li>Support for "Cisco Secure Desktop" <i>(see <a href="csd.html">here</a>)</i> and "GlobalProtect HIP report" <i>(see <a href="hip.html">here</a>)</i>.</li>
+ <li>Support for "Cisco Secure Desktop" <i>(see <a href="csd.html">here</a>)</i>, Juniper TNCC <i>(see <a href="juniper.html#tncc">here</a>)</i>, and "GlobalProtect HIP report" <i>(see <a href="hip.html">here</a>)</i>.</li>
<li>Graphical connection tools for various environments <i>(see <a href="gui.html">here</a>)</i>.</li>
</ul>
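Review bot: In the rewritten feature item, "Cisco Secure Desktop" and "GlobalProtect HIP report" are quoted but the new Juniper TNCC entry is not; quote all three or none so the list item reads consistently. The new link also points at `juniper.html#tncc`, so it only resolves if the `tncc` anchor is added to that page in the same change.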
href="https://tools.ietf.org/html/rfc3948">ESP</a>, with routing and
configuration information distributed in XML format.</p>
+<p>GlobalProtect mode is requested by adding <tt>--protocol=gp</tt>
+to the command line:
+<pre>
+ openconnect --protocol=gp vpn.example.com
+</pre></p>
+
<h3>Authentication</h3>
<p>To authenticate, you connect to the secure web server (<tt>POST
<INCLUDE file="inc/content.tmpl" />
<h1>OpenConnect</h1>
-<p>OpenConnect is an SSL VPN client initially created to support Cisco's <a href="http://www.cisco.com/go/asm">AnyConnect SSL VPN</a>. It has since been ported to support the Juniper SSL VPN which is now known as <a href="https://www.pulsesecure.net/products/connect-secure/">Pulse Connect Secure</a>.</p>
+<p>OpenConnect is an SSL VPN client initially created to support Cisco's <a href="http://www.cisco.com/go/asm">AnyConnect SSL VPN</a>.
+It has since been ported to support the Juniper SSL VPN (which is now known as <a href="https://www.pulsesecure.net/products/connect-secure/">Pulse Connect Secure</a>),
+and to the <a href="https://www.paloaltonetworks.com/features/vpn">Palo Alto Networks GlobalProtect SSL VPN</a>.</p>
<p>OpenConnect is released under the GNU Lesser Public License, version 2.1.</p>
<p>Like <a href="http://www.unix-ag.uni-kl.de/~massar/vpnc/">vpnc</a>,
OpenConnect is not officially supported by, or associated in any way
-with, Cisco Systems, Juniper Networks or Pulse Secure. It just happens to interoperate with their equipment.
+with, Cisco Systems, Juniper Networks, Pulse Secure, or Palo Alto Networks.
+It just happens to interoperate with their equipment.
</p>
-<p>Development of OpenConnect was started after a trial of the Cisco
+<p>Development of OpenConnect was started after a trial of the Cisco
client under Linux found it to have many deficiencies:</p>
<ul>
<li>Inability to use SSL certificates from a <a href="http://en.wikipedia.org/wiki/Trusted_Platform_Module">TPM</a> or
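Review bot: The removed and added lines beginning `<p>Development of OpenConnect was started after a trial of the Cisco` differ only in whitespace as far as the visible text shows, which adds noise to a change that is otherwise about adding Palo Alto Networks. Drop that pair from this patch or put whitespace clean-up in a separate commit.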
<a href="http://www.juniper.net/techpubs/en_US/junos-pulse4.0/topics/reference/a-c-c-nc-comparing.html">Junos
Pulse</a> protocol.</p>
-<p>For the time being, Juniper mode is requested by adding <tt>--juniper</tt>
+<p>Juniper mode is requested by adding <tt>--protocol=nc</tt>
to the command line:
<pre>
- openconnect --juniper vpn.example.com
+ openconnect --protocol=nc vpn.example.com
</pre></p>
<p>Network Connect works very similarly to
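Review bot: The Juniper paragraph replaces `--juniper` with `--protocol=nc` and drops "For the time being", but does not say whether `--juniper` is still accepted. Users with existing scripts or connection profiles built around the old flag will want one sentence here stating whether it remains as a compatibility alias or has been removed.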
</pre>
</p>
-<h3>Host Checker (tncc.jar)</h3>
+<a name="tncc"><h3>Host Checker (tncc.jar)</h3></a>
<p>Many sites require a Java applet to run certain tests as a precondition
of authentication. This works by sending a <tt>DSPREAUTH</tt> cookie
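Review bot: On the Host Checker heading, the added `<a name="tncc">` wraps the whole `<h3>` element, which puts a block-level heading inside an inline anchor. Put the anchor inside the heading instead, i.e. `<h3><a name="tncc">Host Checker (tncc.jar)</a></h3>`, so the fragment target still works and the markup stays valid.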
<a href="https://github.com/russdill/ncsvc-socks-wrapper">this repository</a>.
It may also be necessary to pass a Mozilla-compatible user agent string:
<pre>
- ./openconnect --juniper --useragent 'Mozilla/5.0 (Linux) Firefox' --csd-wrapper=./tncc-wrapper.py vpn.example.com
+ ./openconnect --protocol=nc --useragent 'Mozilla/5.0 (Linux) Firefox' --csd-wrapper=./tncc-wrapper.py vpn.example.com
</pre>
</p>