<h1>Features</h1>
<ul>
- <li>Use of SSL certificates from smart cards / PKCS#11 tokens <i>(when built with GnuTLS)</i> or from TPM <i>(when built with OpenSSL)</i>.</li>
<li>Connection through HTTP proxy, including <a href="http://code.google.com/p/libproxy/">libproxy</a> support for automatic proxy configuration.</li>
<li>Connection through SOCKS5 proxy.</li>
<li>Automatic detection of IPv4 and IPv6 address, routes.</li>
<li>Authentication via HTTP forms.</li>
- <li>Authentication using SSL certificates, from local file or <a href="http://en.wikipedia.org/wiki/Trusted_Platform_Module">Trusted Platform Module</a>.</li>
+ <li>Authentication using SSL certificates — from local file, <a href="http://en.wikipedia.org/wiki/Trusted_Platform_Module">Trusted Platform Module</a> and <i>(when built with GnuTLS)</i> PKCS#11 smartcards.</li>
<li><i>UserGroup</i> support for selecting between multiple configurations on a single VPN server.</li>
<li>Data transport over TCP <i>(HTTPS)</i> or UDP <i>(DTLS)</i>.</li>
<li>Keepalive and Dead Peer Detection on both HTTPS and DTLS.</li>
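Review bot: the merged "Authentication using SSL certificates" bullet on the + line drops the "(when built with OpenSSL)" qualifier that the removed "Use of SSL certificates from smart cards / PKCS#11 tokens" bullet attached to TPM. The list now reads as if TPM support were present in every build and only PKCS#11 were build-dependent. If TPM still depends on the OpenSSL build, carry the qualifier over next to the Trusted Platform Module link, the same way "(when built with GnuTLS)" is kept for PKCS#11. Minor: the new line writes "smartcards" where the removed one wrote "smart cards", so pick one spelling.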
<p>Development of OpenConnect was started after a trial of their "official"
client under Linux found it to have many deficiencies:</p>
<ul>
- <li>Inability to use SSL certificates from a <a href="http://en.wikipedia.org/wiki/Trusted_Platform_Module">TPM</a>, or even use a passphrase.</li>
+ <li>Inability to use SSL certificates from a <a href="http://en.wikipedia.org/wiki/Trusted_Platform_Module">TPM</a> or
+ <a href="http://en.wikipedia.org/wiki/PKCS11">PKCS#11</a> smartcard, or even use a passphrase.</li>
<li>Lack of support for Linux platforms other than i386.</li>
<li>Lack of integration with NetworkManager on the Linux desktop.</li>
<li>Lack of proper (RPM/DEB) packaging for Linux distributions.</li>
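Review bot: the added PKCS#11 link in the TPM bullet points at wiki/PKCS11 while the text writes PKCS#11, so confirm that the URL resolves to the intended article and not to a redirect or a missing page. The features list in the same change names PKCS#11 smartcards without a link, so consider linking the term in both places or in neither, to keep the two pages consistent.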