.OP \-\-no\-passwd
.OP \-\-non\-inter
.OP \-\-passwd\-on\-stdin
+.OP \-\-stoken[=\fItoken-string\fP]
.OP \-\-reconnect\-timeout
.OP \-\-servercert sha1
.OP \-\-useragent string
+.OP \-\-os string
.B [https://]\fIserver\fB[:\fIport\fB][/\fIgroup\fB]
.YS
.B \-\-passwd\-on\-stdin
Read password from standard input
.TP
+.B \-\-stoken[=\fItoken-string\fP]
+Use libstoken to generate one-time passwords compatible with the RSA SecurID
+system (when built with libstoken support). If \fItoken-string\fP is omitted,
+libstoken will try to use the software token seed stored in \fI~/.stokenrc\fP,
+if this file exists.
+.TP
.B \-\-reconnect\-timeout
Keep reconnect attempts until so much seconds are elapsed. The default
timeout is 300 seconds, which means that openconnect can recover
as 'User\-Agent:' field value in HTTP header.
(e.g. \-\-useragent 'Cisco AnyConnect VPN Agent for Windows 2.2.0133')
.TP
+.B \-\-os=STRING
+OS type to report to gateway. Recognized values are: linux, linux-64, mac,
+win. Reporting a different OS type may affect the security policy applied
+to the VPN session.
+.TP
.B \-\-dtls\-local\-port=PORT
Use
.I PORT