openconnect
Language: en
Version: 176034 (fedora - 06/07/09)
Section: 8 (Administrator commands)
NAME
openconnect - Connect to Cisco AnyConnect VPN
SYNOPSIS
openconnect [ -c,--certificate CERT ] [ -k,--sslkey KEY ] [ -C,--cookie COOKIE ] [ --cookie-on-stdin ] [ -d,--deflate ] [ -D,--no-deflate ] [ -g,--usergroup GROUP ] [ -h,--help ] [ -i,--interface IFNAME ] [ -l,--syslog ] [ -U,--setuid USER ] [ -m,--mtu MTU ] [ -p,--tpm-password PASS ] [ -q,--quiet ] [ -Q,--queue-len LEN ] [ -s,--script SCRIPT ] [ -S,--script-tun ] [ -t,--tpm ] [ -T,--tun-fd ] [ -u,--user NAME ] [ -V,--version ] [ -v,--verbose ] [ -x,--xmlconfig CONFIG ] [ --cookieonly ] [ --printcookie ] [ --cafile FILE ] [ --no-dtls ] [ --no-passwd ] [ --passwd-on-stdin ] [ --reconnect-timeout ] server
DESCRIPTION
The program openconnect connects to Cisco "AnyConnect" VPN servers, which use standard TLS and DTLS protocols for data transport.
The connection happens in two phases. First there is a simple HTTPS connection over which the user authenticates somehow - by using a certificate, or password or SecurID, etc. Having authenticated, the user is rewarded with an HTTP cookie which can be used to make the real VPN connection.
The second phase uses that cookie in an HTTPS CONNECT request, and data packets can be passed over the resulting connection. In auxiliary headers exchanged with the CONNECT request, a Session-ID and Master Secret for a DTLS connection are also exchanged, which allows data transport over UDP to occur.
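The two phases described above can be run as separate invocations using the options listed under OPTIONS. Doing so keeps the cookie, which is a bearer credential for the session, off every command line, where other local users could read it with ps. This is an added example, not part of the original man page or of the openconnect project; the function names, the OPENCONNECT variable and the assumption that --cookieonly writes only the cookie to standard output are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the openconnect project). Server name, user and
# file paths passed to vpn_up are the caller's; none come from the man page.
OPENCONNECT=${OPENCONNECT:-openconnect}

# Phase 1: HTTPS authentication only. Needs no root and creates no tunnel.
# Assumption: --cookieonly writes the cookie, and nothing else, to stdout.
fetch_cookie() {    # usage: fetch_cookie SERVER USER CAFILE
    "$OPENCONNECT" --cookieonly --cafile="$3" --user="$2" "$1"
}

# Phase 2: the real VPN connection. The cookie is read from stdin, so it is
# absent from this process's command line; --setuid drops privileges after
# the connection is made.
connect_with_cookie() {    # usage: connect_with_cookie SERVER CAFILE DROPUSER SCRIPT
    "$OPENCONNECT" --cookie-on-stdin --cafile="$2" \
        --setuid="$3" --script="$4" "$1"
}

vpn_up() {    # usage: vpn_up SERVER USER CAFILE DROPUSER SCRIPT
    oc_cookie=$(fetch_cookie "$1" "$2" "$3") || {
        echo "authentication failed" >&2; return 1; }
    if [ -z "$oc_cookie" ]; then
        echo "no cookie returned" >&2; return 1
    fi
    # printf is a builtin in bash and dash, so the cookie is not exposed
    # through the argument list of a helper process either.
    printf '%s\n' "$oc_cookie" | connect_with_cookie "$1" "$3" "$4" "$5"
    oc_status=$?
    unset oc_cookie
    return "$oc_status"
}
```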
OPTIONS
- -c,--certificate=CERT
- Use SSL client certificate CERT
- -k,--sslkey=KEY
- Use SSL private key file KEY
- -C,--cookie=COOKIE
- Use WebVPN cookie COOKIE
- --cookie-on-stdin
- Read cookie from standard input
- -d,--deflate
- Enable compression (default)
- -D,--no-deflate
- Disable compression
- -g,--usergroup=GROUP
- Use GROUP as login UserGroup
- -h,--help
- Display help text
- -i,--interface=IFNAME
- Use IFNAME for tunnel interface
- -l,--syslog
- Use syslog for progress messages
- -U,--setuid=USER
- Drop privileges after connecting, to become user USER
- -m,--mtu=MTU
- Request MTU from server
- -p,--tpm-password=PASS
- Provide SRK (System Root Key) PIN for TPM
- -q,--quiet
- Less output
- -Q,--queue-len=LEN
- Set packet queue limit to LEN pkts
- -s,--script=SCRIPT
- Use vpnc-compatible config script
- -S,--script-tun
- Pass traffic to 'script' program, not tun
- -t,--tpm
- Use TPM engine for private key
- -T,--tun-fd
- File descriptor to use for passing traffic
- -u,--user=NAME
- Set login username to NAME
- -V,--version
- Report version number
- -v,--verbose
- More output
- -x,--xmlconfig=CONFIG
- XML config file
- --cookieonly
- Fetch webvpn cookie only; don't connect
- --printcookie
- Print webvpn cookie before connecting
- --cafile=FILE
- Cert file for server verification
- --no-dtls
- Disable DTLS
- --no-passwd
- Never attempt password (or SecurID) authentication
- --passwd-on-stdin
- Read password from standard input
- --reconnect-timeout
- Keep attempting to reconnect until this many seconds have elapsed. The default timeout is 300 seconds, which means that openconnect can recover the VPN connection after a temporary network downtime of 300 seconds.
LIMITATIONS
The openconnect client does not yet support IPv6 connectivity, although it is known that Cisco's servers do. We have not yet found a suitably configured server against which we can test IPv6 functionality. Please contact the author if you are able to configure such a server so that we can test IPv6 support against it.
AUTHORS
David Woodhouse <dwmw2@infradead.org>