Full Discussion: Help me understand VPN
Forum: UNIX for Beginners Questions & Answers. Post 303045434 by Circuits on Friday 20th of March 2020 12:50:42 PM
Quote:
Originally Posted by stomp
There are lots of software packages and some different protocols that are used to operate VPNs.

I see, so then are both WireGuard and OpenConnect doing the same thing? I am just wondering because, based on what I read on the OpenConnect homepage, it seems like they have tailored their service to work with certain vendors like Cisco, which is the provider we use. I managed to get OpenConnect VPN working, but I would rather use WireGuard if I can, simply based on the article's description of it. So, as long as they are doing the same thing, why wouldn't I use WireGuard? Is it possible that a VPN can be tailored to work with certain vendors like Cisco? If they can, then perhaps I should be using OpenConnect.
 

OPENCONNECT(8)                    System Manager's Manual                    OPENCONNECT(8)

NAME
       openconnect - Connect to Cisco AnyConnect VPN

SYNOPSIS
       openconnect [--config configfile] [-b,--background] [--pid-file pidfile] [-c,--certificate cert] [-e,--cert-expire-warning days] [-k,--sslkey key] [-K,--key-type type] [-C,--cookie cookie] [--cookie-on-stdin] [-d,--deflate] [-D,--no-deflate] [--force-dpd interval] [-g,--usergroup group] [-h,--help] [-i,--interface ifname] [-l,--syslog] [-U,--setuid user] [--csd-user user] [-m,--mtu mtu] [-p,--key-password pass] [-P,--proxy proxyurl] [--no-proxy] [--libproxy] [--key-password-from-fsid] [--key-type type] [-q,--quiet] [-Q,--queue-len len] [-s,--script vpnc-script] [-S,--script-tun] [-u,--user name] [-V,--version] [-v,--verbose] [-x,--xmlconfig config] [--authgroup group] [--cookieonly] [--printcookie] [--cafile file] [--disable-ipv6] [--dtls-ciphers list] [--no-cert-check] [--no-dtls] [--no-http-keepalive] [--no-passwd] [--non-inter] [--passwd-on-stdin] [--reconnect-timeout] [--servercert sha1] [--useragent string] [https://]server[:port][/group]

DESCRIPTION
       The program openconnect connects to Cisco "AnyConnect" VPN servers, which use standard TLS and DTLS protocols for data transport.

       The connection happens in two phases. First there is a simple HTTPS connection over which the user authenticates somehow - by using a certificate, or password or SecurID, etc. Having authenticated, the user is rewarded with an HTTP cookie which can be used to make the real VPN connection.

       The second phase uses that cookie in an HTTPS CONNECT request, and data packets can be passed over the resulting connection. In auxiliary headers exchanged with the CONNECT request, a Session-ID and Master Secret for a DTLS connection are also exchanged, which allows data transport over UDP to occur.

OPTIONS
       --config=CONFIGFILE
              Read further options from CONFIGFILE before continuing to process options from the command line. The file should contain long-format options as would be accepted on the command line, but without the two leading -- dashes. Empty lines, or lines where the first non-space character is a # character, are ignored. Any option except the config option may be specified in the file.

       -b,--background
              Continue in background after startup

       --pid-file=PIDFILE
              Save the pid to PIDFILE when backgrounding

       -c,--certificate=CERT
              Use SSL client certificate CERT

       -e,--cert-expire-warning=DAYS
              Give a warning when SSL client certificate has DAYS left before expiry

       -k,--sslkey=KEY
              Use SSL private key file KEY

       -C,--cookie=COOKIE
              Use WebVPN cookie COOKIE

       --cookie-on-stdin
              Read cookie from standard input

       -d,--deflate
              Enable compression (default)

       -D,--no-deflate
              Disable compression

       --force-dpd=INTERVAL
              Use INTERVAL as minimum Dead Peer Detection interval for CSTP and DTLS, forcing use of DPD even when the server doesn't request it.

       -g,--usergroup=GROUP
              Use GROUP as login UserGroup

       -h,--help
              Display help text

       -i,--interface=IFNAME
              Use IFNAME for tunnel interface

       -l,--syslog
              Use syslog for progress messages

       -U,--setuid=USER
              Drop privileges after connecting, to become user USER

       --csd-user=USER
              Drop privileges during CSD (Cisco Secure Desktop) script execution.

       --csd-wrapper=SCRIPT
              Run SCRIPT instead of the CSD (Cisco Secure Desktop) script.

       -m,--mtu=MTU
              Request MTU from server

       -p,--key-password=PASS
              Provide passphrase for certificate file, or SRK (System Root Key) PIN for TPM

       -P,--proxy=PROXYURL
              Use HTTP or SOCKS proxy for connection

       --no-proxy
              Disable use of proxy

       --libproxy
              Use libproxy to configure proxy automatically (when built with libproxy support)

       --key-password-from-fsid
              Passphrase for certificate file is automatically generated from the fsid of the file system on which it is stored.

              The fsid is obtained from the statvfs(2) or statfs(2) system call, depending on the operating system. On a Linux or similar system with GNU coreutils, the fsid used by this option should be equal to the output of the command:

                     stat --file-system --printf=%i\n $CERTIFICATE

              It is not the same as the 128-bit UUID of the file system.

       --key-type=TYPE
              Type of private key file (PKCS#12, TPM or PEM)

       -q,--quiet
              Less output

       -Q,--queue-len=LEN
              Set packet queue limit to LEN pkts

       -s,--script=SCRIPT
              Invoke SCRIPT to configure the network after connection. Without this, routing and name service are unlikely to work correctly. The script is expected to be compatible with the vpnc-script which is shipped with the "vpnc" VPN client. See http://www.infradead.org/openconnect/vpnc-script.html for more information. This version of OpenConnect is configured to use /usr/share/vpnc-scripts/vpnc-script by default.

       -S,--script-tun
              Pass traffic to 'script' program over a UNIX socket, instead of to a kernel tun/tap device. This allows the VPN IP traffic to be handled entirely in userspace, for example by a program which uses lwIP to provide SOCKS access into the VPN.

       -u,--user=NAME
              Set login username to NAME

       -V,--version
              Report version number

       -v,--verbose
              More output

       -x,--xmlconfig=CONFIG
              XML config file

       --authgroup=GROUP
              Choose authentication login selection

       --cookieonly
              Fetch webvpn cookie only; don't connect

       --printcookie
              Print webvpn cookie before connecting

       --cafile=FILE
              Cert file for server verification

       --disable-ipv6
              Do not advertise IPv6 capability to server

       --dtls-ciphers=LIST
              Set OpenSSL ciphers to support for DTLS

       --no-cert-check
              Do not require server SSL certificate to be valid. Checks will still happen and failures will cause a warning message, but the connection will continue anyway.

              You should not need to use this option - if your servers have SSL certificates which are not signed by a trusted Certificate Authority, you can still add them (or your private CA) to a local file and use that file with the --cafile option.

       --no-dtls
              Disable DTLS

       --no-http-keepalive
              Version 8.2.2.5 of the Cisco ASA software has a bug where it will forget the client's SSL certificate when HTTP connections are being re-used for multiple requests. So far, this has only been seen on the initial connection, where the server gives an HTTP/1.0 redirect response with an explicit Connection: Keep-Alive directive. OpenConnect as of v2.22 has an unconditional workaround for this, which is never to obey that directive after an HTTP/1.0 response.

              However, Cisco's support team has failed to give any competent response to the bug report and we don't know under what other circumstances their bug might manifest itself. So this option exists to disable ALL re-use of HTTP sessions and cause a new connection to be made for each request. If your server seems not to be recognising your certificate, try this option. If it makes a difference, please report this information to the openconnect-devel@lists.infradead.org mailing list.

       --no-passwd
              Never attempt password (or SecurID) authentication.

       --non-inter
              Do not expect user input; exit if it is required.

       --passwd-on-stdin
              Read password from standard input

       --reconnect-timeout
              Keep reconnect attempts until so many seconds have elapsed. The default timeout is 300 seconds, which means that openconnect can recover the VPN connection after a temporary network down time of 300 seconds.

       --servercert=SHA1
              Accept server's SSL certificate only if its fingerprint matches SHA1.

       --useragent=STRING
              Use STRING as 'User-Agent:' field value in HTTP header. (e.g. --useragent 'Cisco AnyConnect VPN Agent for Windows 2.2.0133')

LIMITATIONS
       Note that although IPv6 has been tested on all platforms on which openconnect is known to run, it depends on a suitable vpnc-script to configure the network. The standard vpnc-script shipped with vpnc 0.5.3 is not capable of setting up IPv6 routes; the one from git://git.infradead.org/users/dwmw2/vpnc-scripts.git will be required.

AUTHORS
       David Woodhouse <dwmw2@infradead.org>
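The --config file format described under OPTIONS, together with the man page's own advice to prefer --cafile or --servercert over --no-cert-check, as an added example (not openconnect's own code): a parser that applies the documented rules and an audit that flags a profile which disables server certificate checking. Assumed, since the man page does not say: a value follows the option name after "=" or whitespace.

```python
# Parse an openconnect --config file and audit its server-verification settings.
# Added example, not openconnect's own code. Rules follow the man page: long-format
# option names without the leading "--", blank lines and "#" comment lines ignored,
# and "config" itself not allowed. ASSUMPTION: a value follows "=" or whitespace.
import re

VERIFY_OPTIONS = {"cafile", "servercert"}  # the man page's alternatives to no-cert-check


def parse_config(text):
    """Return [(option, value_or_None), ...] in file order; ValueError on a bad line."""
    opts = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # empty or comment line: ignored, as documented
        if line.startswith("-"):
            raise ValueError(f"line {lineno}: write option names without leading dashes")
        name, *rest = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if not re.fullmatch(r"[A-Za-z0-9-]+", name):
            raise ValueError(f"line {lineno}: bad option name {name!r}")
        if name == "config":
            raise ValueError(f"line {lineno}: 'config' may not appear inside a config file")
        opts.append((name, (rest[0] if rest else "") or None))
    return opts


def to_argv(opts):
    """Rebuild the command-line form openconnect accepts from the parsed pairs."""
    return [f"--{n}" if v is None else f"--{n}={v}" for n, v in opts]


def audit(opts):
    """Findings about server certificate verification, judged by the man page's advice."""
    names = dict(opts)
    findings = []
    if "no-cert-check" in names:
        findings.append("no-cert-check: certificate failures only warn; remove it and use "
                        "cafile (your private CA) or servercert (pinned fingerprint) instead")
    if not VERIFY_OPTIONS & names.keys():
        findings.append("neither cafile nor servercert set: trust rests on the system CA store")
    return findings


# Constructed sample profile (not from the page): a private CA plus a weak override.
SAMPLE = """\
# corp VPN profile
user=alice
cafile = /etc/ssl/corp-vpn-ca.pem
no-cert-check
script /usr/share/vpnc-scripts/vpnc-script
"""
```

Running `audit(parse_config(SAMPLE))` reports the no-cert-check override while accepting the cafile line, and `to_argv` gives the equivalent command-line switches for review.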
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.