<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>OpenConnect VPN client.</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="description" content="VPN client compatible with Cisco AnyConnect SSL VPN" />
<meta name="keywords" content="OpenConnect, AnyConnect, Cisco, VPN, SSLVPN, SSL VPN" />
<link href="./styles/main.css" rel="styleSheet" type="text/css" />
<link href='http://fonts.googleapis.com/css?family=Raleway' rel='stylesheet' type='text/css' />
</head>
<body>
<div id="logo" align="right">
<img src="./images/openconnect.png" height="96px" alt="OpenConnect" />
</div>
<div id="main">
<div id="menu1">
<span class="sel">
<a href="index.html"><span>Home</span></a>
</span>
<span class="nonsel">
<a href="features.html"><span>Features</span></a>
</span>
<span class="nonsel">
<a href="building.html"><span>Getting Started</span></a>
</span>
<span class="nonsel">
<a href="mail.html"><span>Mailing List / Help</span></a>
</span>
<span class="nonsel">
<a href="contribute.html"><span>Contribute</span></a>
</span>
<span class="nonsel">
<a href="anyconnect.html"><span>Protocols</span></a>
</span>
<span class="nonsel">
<a href="http://www.infradead.org/ocserv/"><span>VPN Server</span></a>
</span>
<p>OpenConnect VPN client</p>
</div>
<div id="menu2">
<span class="sel">
<a href="index.html"><span>About</span></a>
</span>
<span class="nonsel">
<a href="platforms.html"><span>Supported Platforms</span></a>
</span>
<span class="nonsel">
<a href="download.html"><span>Download</span></a>
</span>
<span class="nonsel">
<a href="packages.html"><span>Packages</span></a>
</span>
<span class="nonsel">
<a href="changelog.html"><span>Changelog</span></a>
</span>
</div>
<div id="textbox">
<div id="text">
</div>
<h1>OpenConnect</h1>
<p>OpenConnect is an SSL VPN client initially created to support Cisco's <a href="http://www.cisco.com/go/asm">AnyConnect SSL VPN</a>. It has since been ported to support the Juniper SSL VPN which is now known as <a href="https://www.pulsesecure.net/products/connect-secure/">Pulse Connect Secure</a>.</p>
<p>OpenConnect is released under the GNU Lesser Public License, version 2.1.</p>
<p>Like <a href="http://www.unix-ag.uni-kl.de/~massar/vpnc/">vpnc</a>,
OpenConnect is not officially supported by, or associated in any way
with, Cisco Systems, Juniper Networks or Pulse Secure. It just happens to interoperate with their equipment.
</p>
<p>Development of OpenConnect was started after a trial of the Cisco
client under Linux found it to have many deficiencies:</p>
<ul>
<li>Inability to use SSL certificates from a <a href="http://en.wikipedia.org/wiki/Trusted_Platform_Module">TPM</a> or
<a href="http://en.wikipedia.org/wiki/PKCS11">PKCS#11</a> smartcard, or even use a passphrase.</li>
<li>Lack of support for Linux platforms other than i386.</li>
<li>Lack of integration with NetworkManager on the Linux desktop.</li>
<li>Lack of proper (RPM/DEB) packaging for Linux distributions.</li>
<li>"Stealth" use of libraries with <tt>dlopen()</tt>, even using
the development-only symlinks such as <tt>libz.so</tt> —
making it hard to properly discover the dependencies which
proper packaging would have expressed</li>
<li>Tempfile races allowing unprivileged users to trick it into overwriting arbitrary files, as root.</li>
<li>Unable to run as an unprivileged user, which would have reduced the severity of the above bug.</li>
<li>Inability to audit the source code for further such "Security 101" bugs.</li>
</ul>
<p>Naturally, OpenConnect addresses all of the above issues, and more.
</p>
</div>
</div>
</body>
</html>
distrib
>
Mageia
>
6
>
x86_64
>
media
>
core-updates
>
by-pkgid
>
089c2a9bd5c4c7d29319ed88551fed0e
>
files
>
31
