2 <VAR match="VAR_ORIGIN" replace="" />
3 <VAR match="VAR_CVSID" replace=""/>
4 <INCLUDE file="inc/header.tmpl" />
6 <VAR match="VAR_SEL_INDEX" replace="selected" />
7 <VAR match="VAR_SEL_ABOUT" replace="selected" />
8 <PARSE file="menu1.xml" />
9 <PARSE file="menu2.xml" />
11 <INCLUDE file="inc/content.tmpl" />
14 <p>OpenConnect is a client for Cisco's <a href="http://www.cisco.com/en/US/netsol/ns1049/index.html">AnyConnect SSL VPN</a>, which is supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500, 870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers, and probably others.</p>
16 <p>OpenConnect is released under the GNU Lesser Public License, version 2.1.</p>
18 <p>Like <a href="http://www.unix-ag.uni-kl.de/~massar/vpnc/">vpnc</a>,
19 OpenConnect is not officially supported by, or associated in any way
20 with, Cisco Systems. It just happens to interoperate with their
23 <p>Development of OpenConnect was started after a trial of their "official"
24 client under Linux found it to have many deficiencies:</p>
26 <li>Inability to use SSL certificates from a <a href="http://en.wikipedia.org/wiki/Trusted_Platform_Module">TPM</a> or
27 <a href="http://en.wikipedia.org/wiki/PKCS11">PKCS#11</a> smartcard, or even use a passphrase.</li>
28 <li>Lack of support for Linux platforms other than i386.</li>
29 <li>Lack of integration with NetworkManager on the Linux desktop.</li>
30 <li>Lack of proper (RPM/DEB) packaging for Linux distributions.</li>
31 <li>"Stealth" use of libraries with <tt>dlopen()</tt>, even using
32 the development-only symlinks such as <tt>libz.so</tt> —
33 making it hard to properly discover the dependencies which
34 proper packaging would have expressed</li>
35 <li>Tempfile races allowing unprivileged users to trick it into overwriting arbitrary files, as root.</li>
36 <li>Unable to run as an unprivileged user, which would have reduced the severity of the above bug.</li>
37 <li>Inability to audit the source code for further such "Security 101" bugs.</li>
40 <p>Naturally, OpenConnect addresses all of the above issues, and more.
43 <INCLUDE file="inc/footer.tmpl" />