OpenConnect is an SSL VPN client initially created to support Cisco’s AnyConnect SSL VPN. It has since been ported to support the Juniper SSL VPN which is now known as Pulse Connect Secure.

OpenConnect is released under the GNU Lesser Public License, version 2.1.

Like vpnc, OpenConnect is not officially supported by, or associated in any way with, Cisco Systems, Juniper Networks or Pulse Secure. It just happens to interoperate with their equipment.

Development of OpenConnect was started after a trial of the Cisco client under Linux found it to have many deficiencies:

- Inability to use SSL certificates from a TPM or PKCS#11 smartcard, or even use a passphrase.
- Lack of support for Linux platforms other than i386.
- Lack of integration with NetworkManager on the Linux desktop.
- Lack of proper (RPM/DEB) packaging for Linux distributions.
- “Stealth” use of libraries with dlopen(), even using the development-only symlinks such as libz.so - making it hard to properly discover the dependencies which proper packaging would have expressed.
- Tempfile races allowing unprivileged users to trick it into overwriting arbitrary files, as root.
- Unable to run as an unprivileged user, which would have reduced the severity of the above bug.
- Inability to audit the source code for further such “Security 101” bugs.

Naturally, OpenConnect addresses all of the above issues, and more.

- Connection through HTTP proxy, including libproxy support for automatic proxy configuration.
- Automatic detection of IPv4 and IPv6 address, routes.
- Authentication using SSL certificates - from local file, Trusted Platform Module and PKCS#11 smartcards.
- Authentication using SecurID software tokens (when built with libstoken).
- Authentication using OATH TOTP or HOTP software tokens.
- Authentication using Yubikey OATH tokens (when built with libpcsclite).
- UserGroup support for selecting between multiple configurations on a single VPN server.
- Data transport over TCP (HTTPS) or UDP (DTLS or ESP).
- Keepalive and Dead Peer Detection on both HTTPS and DTLS.
- Automatic update of VPN server list / configuration.
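The tempfile-race item in the list of Cisco client deficiencies describes a general bug class; the following added example (not code from OpenConnect or the Cisco client) contrasts the racy open with two hardened forms. The file names, the helper names and the constructed scenario are assumptions, and the writer here runs as the current user rather than as root.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* O_NOFOLLOW, O_CLOEXEC, mkdtemp, mkstemp */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum { UNSAFE, EXCL, MKSTEMP };

/* Racy pattern: predictable name, and open() follows whatever is already
 * there. A pre-planted symlink makes O_TRUNC hit the link's target. */
static int open_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Atomic create: O_EXCL fails with EEXIST if the name exists at all,
 * symlinks included; O_NOFOLLOW is defence in depth. */
static int open_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* Constructed scenario in a private directory: a symlink named "scratch"
 * points at "victim" (10 bytes) before the writer opens its scratch file.
 * Returns the victim's size afterwards, or -1 on setup failure. */
long victim_size_after(int mode) {
    char dir[] = "/tmp/tmprace-XXXXXX", victim[64], scratch[64], tmpl[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(scratch, sizeof scratch, "%s/scratch", dir);
    snprintf(tmpl, sizeof tmpl, "%s/scratch-XXXXXX", dir);
    int v = open_excl(victim);
    if (v < 0 || write(v, "important\n", 10) != 10 || close(v) != 0) return -1;
    if (symlink(victim, scratch) != 0) return -1;
    int fd = mode == UNSAFE ? open_unsafe(scratch)
           : mode == EXCL   ? open_excl(scratch)
           : mkstemp(tmpl);              /* unpredictable name, mode 0600 */
    if (fd >= 0) { if (write(fd, "x", 1) != 1) perror("write"); close(fd); }
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(tmpl); unlink(scratch); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("unsafe=%ld excl=%ld mkstemp=%ld\n", victim_size_after(UNSAFE),
           victim_size_after(EXCL), victim_size_after(MKSTEMP));
    return 0;
}
```

With the racy open the victim file ends up truncated and overwritten; with either hardened form it keeps its original 10 bytes. Running the writer as an unprivileged user, as the next list item notes, limits what such an overwrite can reach.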