openconnect 6.00-2 / usr / share / doc / openconnect / html / technical.html

This file is indexed.

/usr/share/doc/openconnect/html/technical.html is in openconnect 6.00-2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  <head>
    <title>OpenConnect VPN client.</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta name="description" content="VPN client compatible with Cisco AnyConnect SSL VPN" />
    <meta name="keywords" content="OpenConnect, AnyConnect, Cisco, VPN, SSLVPN, SSL VPN" />
    <link href="./styles/main.css" rel="styleSheet" type="text/css" />
    <link href='http://fonts.googleapis.com/css?family=Delius' rel='stylesheet' type='text/css' />
 </head>
 
<body>
   <div id="logo" align="right">	
     <img src="./images/openconnect.png" height="96px" alt="OpenConnect" />
   </div>
   <div id="main">



	
	
	<div id="menu1">

	<span class="nonsel">
<a href="index.html"><span>Home</span></a>
</span>

	<span class="nonsel">
<a href="features.html"><span>Features</span></a>
</span>

	<span class="nonsel">
<a href="building.html"><span>Getting Started</span></a>
</span>

	<span class="nonsel">
<a href="mail.html"><span>Mailing List / Help</span></a>
</span>

	<span class="nonsel">
<a href="contribute.html"><span>Contribute</span></a>
</span>

	<span class="sel">
<a href="technical.html"><span>Technical stuff</span></a>
</span>

	<span class="nonsel">
<a href="http://www.infradead.org/ocserv/"><span>VPN Server</span></a>
</span>

	<p>OpenConnect VPN client</p>

	</div>

	
	     <div id="textbox">
       <div id="text">
	</div>


<h2>How the VPN works</h2>

<p>The VPN is extremely simple, based almost entirely on the standard
HTTPS and <a href="http://www.rfc-editor.org/rfc/rfc4347.txt">DTLS</a>
protocols. You connect to the secure web server, authenticate using
certificates and/or arbitrary web forms, and you are rewarded with a
standard HTTP cookie.</p>

<p>You then use this cookie in an HTTP <tt>CONNECT</tt> request, and can
then pass traffic over that connection. IP addresses and routing
information are passed back and forth in the headers of that
<tt>CONNECT</tt> request.</p>

<p>Since <a href="http://sites.inka.de/~W1011/devel/tcp-tcp.html">TCP
over TCP is very suboptimal</a>, the VPN also attempts to use UDP
datagrams, and will only <em>actually</em> pass traffic over the HTTPS
connection if that fails. The UDP connectivity is done using Datagram
TLS, which is supported by OpenSSL.</p>

<h2>DTLS compatibility</h2>

<p><i><b>Note: DTLS is optional and not required for basic connectivity, as explained above.</b></i></p>

<p>Unfortunately, Cisco used an old version of OpenSSL for their server,
which predates the official RFC and has a few differences in the
implementation of DTLS.
</p>
<h3>OpenSSL</h3>
<p>Compatibility support for their "speshul" version of the protocol is
in the 0.9.8m and later releases of OpenSSL (and 1.0.0-beta2 and later).
</p>
<p><b>NOTE:</b> OpenSSL 1.0.0k, 1.0.1d and 1.0.1e have introduced bugs which
break this compatibility. See the <a href="http://lists.infradead.org/pipermail/openconnect-devel/2013-February/000827.html">thread</a> on the mailing list, which has patches for each.</p>

<p>If you are using an older version of OpenSSL which predates the
compatibility, you will need to apply this patch from OpenSSL CVS:</p>
<ul>
  <li><a href="http://cvs.openssl.org/chngview?cn=18037">http://cvs.openssl.org/chngview?cn=18037</a> (OpenSSL <a href="http://rt.openssl.org/Ticket/Display.html?id=1751&amp;user=guest&amp;pass=guest">RT#1751</a>)</li>
</ul>

For versions older than 0.9.8j, some generic DTLS bug fixes are also required:
<ul>
  <li><a href="http://cvs.openssl.org/chngview?cn=17500">http://cvs.openssl.org/chngview?cn=17500</a>  (OpenSSL <a href="http://rt.openssl.org/Ticket/Display.html?id=1703&amp;user=guest&amp;pass=guest">RT#1703</a>)</li>
  <li><a href="http://cvs.openssl.org/chngview?cn=17505">http://cvs.openssl.org/chngview?cn=17505</a> (OpenSSL <a href="http://rt.openssl.org/Ticket/Display.html?id=1752&amp;user=guest&amp;pass=guest">RT#1752</a>) </li>
</ul>
The username/password for OpenSSL RT is 'guest/guest'

<h3>GnuTLS</h3>

<p>Support for Cisco's version of DTLS was included in GnuTLS from 3.0.21 onwards.</p>

	      </div>
   </div>
  </body>
</html>

APT Browse - Built by Thomas Orozco.