updated manual

Nikos Mavrogiannopoulos
2013-02-20 21:23:26 +01:00
parent 04abc9067f
commit bbca1c2736
4 changed files with 22 additions and 57 deletions


@@ -1,8 +1,8 @@
.TH ocserv 1 "19 Feb 2013" "0.0.1" "User Commands"
.TH ocserv 1 "20 Feb 2013" "0.0.1" "User Commands"
.\"
.\" DO NOT EDIT THIS FILE (ocserv-args.man)
.\"
.\" It has been AutoGen-ed February 19, 2013 at 07:11:24 PM by AutoGen 5.16
.\" It has been AutoGen-ed February 20, 2013 at 09:23:10 PM by AutoGen 5.16
.\" From the definitions ../src/ocserv-args.def.tmp
.\" and the template file agman-cmd.tpl
.\"
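Review bot: The only changes in this hunk are the .TH date and the AutoGen timestamp, in a file whose header says "DO NOT EDIT THIS FILE" and names ../src/ocserv-args.def.tmp as its source. Please confirm that the wording changes in the later hunks were made in the definitions file and that this page was regenerated from it; otherwise the next AutoGen run will overwrite them. It is also worth deciding whether the generated page should be tracked at all, since every regeneration produces timestamp-only churn like this.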
@@ -22,10 +22,7 @@ used by CISCO's AnyConnect SSL VPN.
Multiple authentication methods are available including PAM and certificate
authentication.
Authenticated users are assigned an unprivileged worker process and obtain
a networking (tun) device and IP from a configurable pool of address.
Currently there is no tool to manipulate logged-in users. However,
they can be disconnected by killing their worker process. The pid of that
process is available from the command 'who -u' if utmp logging is enabled.
a networking (tun) device and IP from a configurable pool of addresses.
.SH "OPTIONS"
.TP
.BR \-f ", " -\-foreground
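Review bot: Removing "Currently there is no tool to manipulate logged-in users" from the description drops the stated limitation, and the paragraph that replaces it under AUTHENTICATION keeps only the workaround. If the limitation still holds, carry that sentence along with the relocated text so an administrator knows that killing the worker process is the only method the manual offers for ending a session. The "address" to "addresses" correction is fine.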
@@ -55,6 +52,10 @@ Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
.SH AUTHENTICATION
Users can be authenticated in multiple ways, which are explained in the following
paragraphs. Once authenticated users can be disconnected by killing their worker process.
The pid of that process is available from the command 'who \-u' if utmp logging is enabled.
.sp
.br
\fBPassword authentication\fP
.br
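Review bot: The paragraph added at the top of AUTHENTICATION describes ending a session rather than authenticating, and it relies on 'who \-u', which by its own wording works only "if utmp logging is enabled". Please state how to find the worker pid when utmp logging is off, or say that utmp logging is required for this procedure, and consider giving the disconnect instructions their own subsection. The second sentence also needs a comma: "Once authenticated, users can be disconnected ...".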
@@ -288,32 +289,7 @@ Successful program execution.
.BR 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.SH COMPATIBILITY
.br
\fBFeatures of the server\fP
.br
.in +4
.ti -4
\fB*\fP
Supports both TCP and UDP VPN tunnels using TLS 1.2 and Datagram TLS.
.ti -4
\fB*\fP
Support for the server key being stored in TPM, hardware security modules (HSM), or even a smart card. They can be specified as files using the tpmkey or pkcs11 URLs.
.ti -4
\fB*\fP
Authentication using PAM or certificates.
.ti -4
\fB*\fP
Each client is isolated from the others on a separate process with a separate tun device. This allows routing using the system facilies, allows having separate settings per user or group (e.g. bandwidth limits).
.ti -4
\fB*\fP
Privilege separation between the main process which performs TUN allocation and authentication, with the worker processes which handles messages from the client.
.ti -4
\fB*\fP
Registers VPN leases to UTMP and WTMP files.
.ti -4
\fB*\fP
Persistent storage of cookies, to allow a seamless server restart.
.in -4
The server has been tested to be compatible with the openconnect VPN client.
.SH "AUTHORS"
Nikos Mavrogiannopoulos
.SH "COPYRIGHT"
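Review bot: With the "Features of the server" list removed, COMPATIBILITY is reduced to a single sentence, and the visible manual text no longer mentions the tpmkey and pkcs11 URL forms for the server key or the privilege separation between the main process and the worker processes. Please confirm these points are documented in one of the other changed files, or keep the key-storage and privilege-separation items in the manual, since an administrator deploying the server needs them.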