openconnect 7.08-3 / usr / share / doc / openconnect / html / anyconnect.html

This file is indexed.

/usr/share/doc/openconnect/html/anyconnect.html is in openconnect 7.08-3.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  <head>
    <title>OpenConnect VPN client.</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta name="description" content="VPN client compatible with Cisco AnyConnect SSL VPN" />
    <meta name="keywords" content="OpenConnect, AnyConnect, Cisco, VPN, SSLVPN, SSL VPN" />
    <link href="./styles/main.css" rel="styleSheet" type="text/css" />
    <link href='http://fonts.googleapis.com/css?family=Raleway' rel='stylesheet' type='text/css' />
 </head>
 
<body>
   <div id="logo" align="right">	
     <img src="./images/openconnect.png" height="96px" alt="OpenConnect" />
   </div>
   <div id="main">



	
	
	
	<div id="menu1">

	<span class="nonsel">
<a href="index.html"><span>Home</span></a>
</span>

	<span class="nonsel">
<a href="features.html"><span>Features</span></a>
</span>

	<span class="nonsel">
<a href="building.html"><span>Getting Started</span></a>
</span>

	<span class="nonsel">
<a href="mail.html"><span>Mailing List / Help</span></a>
</span>

	<span class="nonsel">
<a href="contribute.html"><span>Contribute</span></a>
</span>

	<span class="sel">
<a href="anyconnect.html"><span>Protocols</span></a>
</span>

	<span class="nonsel">
<a href="http://www.infradead.org/ocserv/"><span>VPN Server</span></a>
</span>

	<p>OpenConnect VPN client</p>

	</div>

	
	<div id="menu2">

        <span class="sel">
<a href="anyconnect.html"><span>AnyConnect</span></a>
</span>

        <span class="nonsel">
<a href="juniper.html"><span>Juniper</span></a>
</span>

	</div>

	
	     <div id="textbox">
       <div id="text">
	</div>


<h1>Cisco AnyConnect</h1>

<h2>How the VPN works</h2>

<p>The VPN is extremely simple, based almost entirely on the standard
HTTPS and <a href="http://www.rfc-editor.org/rfc/rfc4347.txt">DTLS</a>
protocols. You connect to the secure web server, authenticate using
certificates and/or arbitrary web forms, and you are rewarded with a
standard HTTP cookie.</p>

<p>You then use this cookie in an HTTP <tt>CONNECT</tt> request, and can
then pass traffic over that connection. IP addresses and routing
information are passed back and forth in the headers of that
<tt>CONNECT</tt> request.</p>

<p>Since <a href="http://sites.inka.de/~W1011/devel/tcp-tcp.html">TCP
over TCP is very suboptimal</a>, the VPN also attempts to use UDP
datagrams, and will only <em>actually</em> pass traffic over the HTTPS
connection if that fails. The UDP connectivity is done using Datagram
TLS, which is supported by OpenSSL.</p>

<h2>DTLS compatibility</h2>

<p><i><b>Note: DTLS is optional and not required for basic connectivity, as explained above.</b></i></p>

<p>Unfortunately, Cisco used an old version of OpenSSL for their server,
which predates the official RFC and has a few differences in the
implementation of DTLS.
</p>
<h3>OpenSSL</h3>
<p>Compatibility support for their "speshul" version of the protocol is
in the 0.9.8m and later releases of OpenSSL (and 1.0.0-beta2 and later).
</p>
<p><b>NOTE:</b> OpenSSL 1.0.0k, 1.0.1d and 1.0.1e have introduced bugs which
break this compatibility. See the <a href="http://lists.infradead.org/pipermail/openconnect-devel/2013-February/000827.html">thread</a> on the mailing list, which has patches for each.</p>

<p>If you are using an older version of OpenSSL which predates the
compatibility, you will need to apply this patch from OpenSSL CVS:</p>
<ul>
  <li><a href="http://cvs.openssl.org/chngview?cn=18037">http://cvs.openssl.org/chngview?cn=18037</a> (OpenSSL <a href="http://rt.openssl.org/Ticket/Display.html?id=1751&amp;user=guest&amp;pass=guest">RT#1751</a>)</li>
</ul>

For versions older than 0.9.8j, some generic DTLS bug fixes are also required:
<ul>
  <li><a href="http://cvs.openssl.org/chngview?cn=17500">http://cvs.openssl.org/chngview?cn=17500</a>  (OpenSSL <a href="http://rt.openssl.org/Ticket/Display.html?id=1703&amp;user=guest&amp;pass=guest">RT#1703</a>)</li>
  <li><a href="http://cvs.openssl.org/chngview?cn=17505">http://cvs.openssl.org/chngview?cn=17505</a> (OpenSSL <a href="http://rt.openssl.org/Ticket/Display.html?id=1752&amp;user=guest&amp;pass=guest">RT#1752</a>) </li>
</ul>
The username/password for OpenSSL RT is 'guest/guest'

<h3>GnuTLS</h3>

<p>Support for Cisco's version of DTLS was included in GnuTLS from 3.0.21 onwards.</p>

	      </div>
   </div>
  </body>
</html>

APT Browse - Built by Thomas Orozco.