updated manual

Nikos Mavrogiannopoulos
2013-02-20 21:23:26 +01:00
parent 04abc9067f
commit bbca1c2736
4 changed files with 22 additions and 57 deletions

@@ -1,8 +1,8 @@
.TH ocserv 1 "19 Feb 2013" "0.0.1" "User Commands"
.TH ocserv 1 "20 Feb 2013" "0.0.1" "User Commands"
.\"
.\" DO NOT EDIT THIS FILE (ocserv-args.man)
.\"
.\" It has been AutoGen-ed February 19, 2013 at 07:11:24 PM by AutoGen 5.16
.\" It has been AutoGen-ed February 20, 2013 at 09:23:10 PM by AutoGen 5.16
.\" From the definitions ../src/ocserv-args.def.tmp
.\" and the template file agman-cmd.tpl
.\"
@@ -22,10 +22,7 @@ used by CISCO's AnyConnect SSL VPN.
Multiple authentication methods are available including PAM and certificate
authentication.
Authenticated users are assigned an unprivileged worker process and obtain
a networking (tun) device and IP from a configurable pool of address.
Currently there is no tool to manipulate logged-in users. However,
they can be disconnected by killing their worker process. The pid of that
process is available from the command 'who -u' if utmp logging is enabled.
a networking (tun) device and IP from a configurable pool of addresses.
.SH "OPTIONS"
.TP
.BR \-f ", " -\-foreground
@@ -55,6 +52,10 @@ Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
.SH AUTHENTICATION
Users can be authenticated in multiple ways, which are explained in the following
paragraphs. Once authenticated users can be disconnected by killing their worker process.
The pid of that process is available from the command 'who \-u' if utmp logging is enabled.
.sp
.br
\fBPassword authentication\fP
.br
@@ -288,32 +289,7 @@ Successful program execution.
.BR 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.SH COMPATIBILITY
.br
\fBFeatures of the server\fP
.br
.in +4
.ti -4
\fB*\fP
Supports both TCP and UDP VPN tunnels using TLS 1.2 and Datagram TLS.
.ti -4
\fB*\fP
Support for the server key being stored in TPM, hardware security modules (HSM), or even a smart card. They can be specified as files using the tpmkey or pkcs11 URLs.
.ti -4
\fB*\fP
Authentication using PAM or certificates.
.ti -4
\fB*\fP
Each client is isolated from the others on a separate process with a separate tun device. This allows routing using the system facilies, allows having separate settings per user or group (e.g. bandwidth limits).
.ti -4
\fB*\fP
Privilege separation between the main process which performs TUN allocation and authentication, with the worker processes which handles messages from the client.
.ti -4
\fB*\fP
Registers VPN leases to UTMP and WTMP files.
.ti -4
\fB*\fP
Persistent storage of cookies, to allow a seamless server restart.
.in -4
The server has been tested to be compatible with the openconnect VPN client.
.SH "AUTHORS"
Nikos Mavrogiannopoulos
.SH "COPYRIGHT"

@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (ocserv-args.c)
*
* It has been AutoGen-ed February 19, 2013 at 07:07:24 PM by AutoGen 5.16
* It has been AutoGen-ed February 20, 2013 at 09:23:08 PM by AutoGen 5.16
* From the definitions ocserv-args.def
* and the template file options
*
@@ -65,7 +65,7 @@ extern FILE * option_usage_fp;
/*
* ocserv option static const strings
*/
static char const ocserv_opt_strs[2057] =
static char const ocserv_opt_strs[1840] =
/* 0 */ "ocserv 0.0.1\n"
"Copyright (C) 2013 Nikos Mavrogiannopoulos, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
@@ -110,12 +110,9 @@ static char const ocserv_opt_strs[2057] =
"Multiple authentication methods are available including PAM and certificate\n"
"authentication. Authenticated users are assigned an unprivileged worker\n"
"process and obtain a networking (tun) device and IP from a configurable\n"
"pool of address.\n\n"
"Currently there is no tool to manipulate logged-in users. However, they\n"
"can be disconnected by killing their worker process. The pid of that\n"
"process is available from the command 'who -u' if utmp logging is enabled.\n\0"
/* 1969 */ "ocserv 0.0.1\0"
/* 1982 */ "Usage: ocserv [options] -c [config]\n"
"pool of addresses.\n\0"
/* 1752 */ "ocserv 0.0.1\0"
/* 1765 */ "Usage: ocserv [options] -c [config]\n"
"ocserv --help for usage instructions.\n";
/*
@@ -291,7 +288,7 @@ static tOptDesc optDesc[OPTION_CT] = {
#define zBugsAddr (ocserv_opt_strs+1279)
#define zExplain (ocserv_opt_strs+1317)
#define zDetail (ocserv_opt_strs+1320)
#define zFullVersion (ocserv_opt_strs+1969)
#define zFullVersion (ocserv_opt_strs+1752)
/* extracted from optcode.tlib near line 350 */
#if defined(ENABLE_NLS)
@@ -305,7 +302,7 @@ static tOptDesc optDesc[OPTION_CT] = {
#define ocserv_full_usage (NULL)
#define ocserv_short_usage (ocserv_opt_strs+1982)
#define ocserv_short_usage (ocserv_opt_strs+1765)
#endif /* not defined __doxygen__ */

@@ -19,11 +19,8 @@ used by CISCO's AnyConnect SSL VPN.
Multiple authentication methods are available including PAM and certificate
authentication.
Authenticated users are assigned an unprivileged worker process and obtain
a networking (tun) device and IP from a configurable pool of address.
a networking (tun) device and IP from a configurable pool of addresses.";
Currently there is no tool to manipulate logged-in users. However,
they can be disconnected by killing their worker process. The pid of that
process is available from the command 'who -u' if utmp logging is enabled.";
copyright = {
@@ -205,6 +202,10 @@ doc-section = {
ds-type = 'AUTHENTICATION';
ds-format = 'texi';
ds-text = <<-_EOT_
Users can be authenticated in multiple ways, which are explained in the following
paragraphs. Once authenticated users can be disconnected by killing their worker process.
The pid of that process is available from the command 'who -u' if utmp logging is enabled.
@subheading Password authentication
If your system supports Pluggable Authentication Modules (PAM), then
ocserv will take advantage of it to password authenticate its users.
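Review bot: The added sentence "Once authenticated users can be disconnected by killing their worker process." is missing a comma after "Once authenticated", and it drops the caveat from the text this commit removes from the description ("Currently there is no tool to manipulate logged-in users"), so the manual no longer says that killing the worker is the only way to end a session. I would keep that caveat here. Since this paragraph describes session termination rather than an authentication method, it may also read better under its own @subheading than as the lead-in to the AUTHENTICATION section.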
@@ -289,15 +290,6 @@ doc-section = {
ds-type = 'COMPATIBILITY';
ds-format = 'texi';
ds-text = <<-_EOT_
@subheading Features of the server
@itemize
@item Supports both TCP and UDP VPN tunnels using TLS 1.2 and Datagram TLS.
@item Support for the server key being stored in TPM, hardware security modules (HSM), or even a smart card. They can be specified as files using the tpmkey or pkcs11 URLs.
@item Authentication using PAM or certificates.
@item Each client is isolated from the others on a separate process with a separate tun device. This allows routing using the system facilies, allows having separate settings per user or group (e.g. bandwidth limits).
@item Privilege separation between the main process which performs TUN allocation and authentication, with the worker processes which handles messages from the client.
@item Registers VPN leases to UTMP and WTMP files.
@item Persistent storage of cookies, to allow a seamless server restart.
@end itemize
The server has been tested to be compatible with the openconnect VPN client.
_EOT_;
};
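Review bot: The removed @itemize list under "Features of the server" is the only place in this doc-section that documents the security-relevant design: privilege separation between the main process and the workers, per-client isolation in a separate process with a separate tun device, and server key storage in TPM, HSM or smart card via tpmkey or pkcs11 URLs. None of the hunks in this commit adds those statements back elsewhere, so the manual loses them entirely. If the intent is only to tidy COMPATIBILITY, consider moving those three items to the description or the AUTHENTICATION section instead of deleting them.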

@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (ocserv-args.h)
*
* It has been AutoGen-ed February 19, 2013 at 07:07:24 PM by AutoGen 5.16
* It has been AutoGen-ed February 20, 2013 at 09:23:08 PM by AutoGen 5.16
* From the definitions ocserv-args.def
* and the template file options
*
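Review bot: The only changed line in this hunk is the "It has been AutoGen-ed ..." timestamp, so ocserv-args.h gets a new revision with no functional change. Tracking the generated files (this header, ocserv-args.c and the man page) means every regeneration from ocserv-args.def produces this kind of churn and makes the real edits harder to review. Consider generating them at build time, or committing them only when the generated content itself changes.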