10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hello all,
I am using the VPN provider Private Internet Access.
I am using the Raspberry Pi 4 with 4GB of RAM, performance on this upgraded board is great.
Anyways I am connecting to its service using systemd's openvpn-client @ US_New_York_City.service
I wonder if I can create a... (5 Replies)
Discussion started by: haloslayer255
5 Replies
2. IP Networking
First of all, hello.
I have a problem installing a vpn server and client.
My server is a computer running windows 7, and windows, running a virtual machine running debian.
In the debian system, I've the vpn server installed (SoftEther VPN Server)
The problems come when I try to connect to... (1 Reply)
Discussion started by: Blues23
1 Replies
3. UNIX for Dummies Questions & Answers
Hi there,
Believe it or not, the word VPN doesn't give any search result in the forum.
I'm trying to get started with VPN.
I'm currently in the process of setting up a server.
I found a lot of howtos on the web.
There's still one thing that I'm not sure of.
My plan is to setup the VPN... (4 Replies)
Discussion started by: chebarbudo
4 Replies
4. IP Networking
I have a Cisco 1841 router configured as Easy VPN Server. Here is the configuration of the router:
Cisco# Cisco#show running-config Building configuration... Current configura - Pastebin.com
I have a Centos 5.7 server with installed Cisco VPN client for Linux. The client successfully... (0 Replies)
Discussion started by: rcbandit
0 Replies
5. AIX
Hi,
I have a task requested by my boss to create a script to enable a server to connect to a vpn network and then to connect to another server to upload some data...
How can I connect to a vpn network from AIX server? via telnet? ssh?
I have tried to google but mostly the answers are... (1 Reply)
Discussion started by: mushr00m
1 Replies
6. Solaris
How do I tell if Cisco IOS VPN server IKE is running on my solaris 10 system (1 Reply)
Discussion started by: pgsanders
1 Replies
7. IP Networking
Hi Gurus, I have a question:
I have a connection VPN to my Branch Office, but some day the Network administrator send an e-mail and he tell me that I must be disconnected the VPN. But In that moment I don't use the VPN, Someone was coneccted to the VPN I think.
The Question is:
I want to know... (0 Replies)
Discussion started by: andresguillen
0 Replies
8. OS X (Apple)
I am a MAC user evaluating electronic medical record software. I found a package which is UNIX server based. Can anyone tell me if MAC OS X can be used in this situation. The software is nexgen (www.nexgen.com).
How UNIX "compatible" is MAC OS X?
I apologize for my very limited UNIX... (7 Replies)
Discussion started by: kaye32608
7 Replies
9. Solaris
I would like to setup my solaris 10 x86 system as a vpn server. I can't seem to find any good links on setting it up. Do you guys have some links that could walk me thru on setting up the vpn server so that windows clients can connect to it? (4 Replies)
Discussion started by: kungpow
4 Replies
10. UNIX for Advanced & Expert Users
If I want to access unix box via VPN tunnel,from windows box.
What sould I configure on the windows client PC, and what should I enable on the Unix Server box ?
I am using Solaris V10 intel platform, and I am using windows XP, and 2003 for client (0 Replies)
Discussion started by: zillah
0 Replies
OPENCONNECT(8) System Manager's Manual OPENCONNECT(8)
NAME
openconnect - Connect to Cisco AnyConnect VPN
SYNOPSIS
openconnect [--config configfile] [-b,--background] [--pid-file pidfile] [-c,--certificate cert] [-e,--cert-expire-warning days]
[-k,--sslkey key] [-K,--key-type type] [-C,--cookie cookie] [--cookie-on-stdin] [-d,--deflate] [-D,--no-deflate]
[--force-dpd interval] [-g,--usergroup group] [-h,--help] [-i,--interface ifname] [-l,--syslog] [-U,--setuid user]
[--csd-user user] [-m,--mtu mtu] [-p,--key-password pass] [-P,--proxy proxyurl] [--no-proxy] [--libproxy]
[--key-password-from-fsid] [--key-type type] [-q,--quiet] [-Q,--queue-len len] [-s,--script vpnc-script] [-S,--script-tun]
[-u,--user name] [-V,--version] [-v,--verbose] [-x,--xmlconfig config] [--authgroup group] [--cookieonly] [--printcookie]
[--cafile file] [--disable-ipv6] [--dtls-ciphers list] [--no-cert-check] [--no-dtls] [--no-http-keepalive] [--no-passwd]
[--non-inter] [--passwd-on-stdin] [--reconnect-timeout] [--servercert sha1] [--useragent string]
[https://]server[:port][/group]
DESCRIPTION
The program openconnect connects to Cisco "AnyConnect" VPN servers, which use standard TLS and DTLS protocols for data transport.
The connection happens in two phases. First there is a simple HTTPS connection over which the user authenticates somehow - by using a cer-
tificate, or password or SecurID, etc. Having authenticated, the user is rewarded with an HTTP cookie which can be used to make the real
VPN connection.
The second phase uses that cookie in an HTTPS CONNECT request, and data packets can be passed over the resulting connection. In auxiliary
headers exchanged with the CONNECT request, a Session-ID and Master Secret for a DTLS connection are also exchanged, which allows data
transport over UDP to occur.
OPTIONS
--config=CONFIGFILE
Read further options from CONFIGFILE before continuing to process options from the command line. The file should contain long-format
options as would be accepted on the command line, but without the two leading -- dashes. Empty lines, or lines where the first non-
space character is a # character, are ignored.
Any option except the config option may be specified in the file.
-b,--background
Continue in background after startup
--pid-file=PIDFILE
Save the pid to PIDFILE when backgrounding
-c,--certificate=CERT
Use SSL client certificate CERT
-e,--cert-expire-warning=DAYS
Give a warning when SSL client certificate has DAYS left before expiry
-k,--sslkey=KEY
Use SSL private key file KEY
-C,--cookie=COOKIE
Use WebVPN cookie COOKIE
--cookie-on-stdin
Read cookie from standard input
-d,--deflate
Enable compression (default)
-D,--no-deflate
Disable compression
--force-dpd=INTERVAL
Use INTERVAL as minimum Dead Peer Detection interval for CSTP and DTLS, forcing use of DPD even when the server doesn't request it.
-g,--usergroup=GROUP
Use GROUP as login UserGroup
-h,--help
Display help text
-i,--interface=IFNAME
Use IFNAME for tunnel interface
-l,--syslog
Use syslog for progress messages
-U,--setuid=USER
Drop privileges after connecting, to become user USER
--csd-user=USER
Drop privileges during CSD (Cisco Secure Desktop) script execution.
--csd-wrapper=SCRIPT
Run SCRIPT instead of the CSD (Cisco Secure Desktop) script.
-m,--mtu=MTU
Request MTU from server
-p,--key-password=PASS
Provide passphrase for certificate file, or SRK (System Root Key) PIN for TPM
-P,--proxy=PROXYURL
Use HTTP or SOCKS proxy for connection
--no-proxy
Disable use of proxy
--libproxy
Use libproxy to configure proxy automatically (when built with libproxy support)
--key-password-from-fsid
Passphrase for certificate file is automatically generated from the fsid of the file system on which it is stored. The fsid is
obtained from the statvfs(2) or statfs(2) system call, depending on the operating system. On a Linux or similar system with GNU
coreutils, the fsid used by this option should be equal to the output of the command:
stat --file-system --printf=%i\n $CERTIFICATE
It is not the same as the 128-bit UUID of the file system.
--key-type=TYPE
Type of private key file (PKCS#12, TPM or PEM)
-q,--quiet
Less output
-Q,--queue-len=LEN
Set packet queue limit to LEN pkts
-s,--script=SCRIPT
Invoke SCRIPT to configure the network after connection. Without this, routing and name service are unlikely to work correctly. The
script is expected to be compatible with the vpnc-script which is shipped with the "vpnc" VPN client. See
http://www.infradead.org/openconnect/vpnc-script.html for more information. This version of OpenConnect is configured to use
/usr/share/vpnc-scripts/vpnc-script by default.
-S,--script-tun
Pass traffic to 'script' program over a UNIX socket, instead of to a kernel tun/tap device. This allows the VPN IP traffic to be
handled entirely in userspace, for example by a program which uses lwIP to provide SOCKS access into the VPN.
-u,--user=NAME
Set login username to NAME
-V,--version
Report version number
-v,--verbose
More output
-x,--xmlconfig=CONFIG
XML config file
--authgroup=GROUP
Choose authentication login selection
--cookieonly
Fetch webvpn cookie only; don't connect
--printcookie
Print webvpn cookie before connecting
--cafile=FILE
Cert file for server verification
--disable-ipv6
Do not advertise IPv6 capability to server
--dtls-ciphers=LIST
Set OpenSSL ciphers to support for DTLS
--no-cert-check
Do not require server SSL certificate to be valid. Checks will still happen and failures will cause a warning message, but the con-
nection will continue anyway. You should not need to use this option - if your servers have SSL certificates which are not signed by
a trusted Certificate Authority, you can still add them (or your private CA) to a local file and use that file with the --cafile
option.
--no-dtls
Disable DTLS
--no-http-keepalive
Version 8.2.2.5 of the Cisco ASA software has a bug where it will forget the client's SSL certificate when HTTP connections are
being re-used for multiple requests. So far, this has only been seen on the initial connection, where the server gives an HTTP/1.0
redirect response with an explicit Connection: Keep-Alive directive. OpenConnect as of v2.22 has an unconditional workaround for
this, which is never to obey that directive after an HTTP/1.0 response.
However, Cisco's support team has failed to give any competent response to the bug report and we don't know under what other circum-
stances their bug might manifest itself. So this option exists to disable ALL re-use of HTTP sessions and cause a new connection to
be made for each request. If your server seems not to be recognising your certificate, try this option. If it makes a difference,
please report this information to the openconnect-devel@lists.infradead.org mailing list.
--no-passwd
Never attempt password (or SecurID) authentication.
--non-inter
Do not expect user input; exit if it is required.
--passwd-on-stdin
Read password from standard input
--reconnect-timeout
Keep reconnect attempts until so much seconds are elapsed. The default timeout is 300 seconds, which means that openconnect can
recover VPN connection after a temporary network down time of 300 seconds.
--servercert=SHA1
Accept server's SSL certificate only if its fingerprint matches SHA1.
--useragent=STRING
Use STRING as 'User-Agent:' field value in HTTP header. (e.g. --useragent 'Cisco AnyConnect VPN Agent for Windows 2.2.0133')
LIMITATIONS
Note that although IPv6 has been tested on all platforms on which openconnect is known to run, it depends on a suitable vpnc-script to con-
figure the network. The standard vpnc-script shipped with vpnc 0.5.3 is not capable of setting up IPv6 routes; the one from
git://git.infradead.org/users/dwmw2/vpnc-scripts.git will be required.
AUTHORS
David Woodhouse <dwmw2@infradead.org>
OPENCONNECT(8)