mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-06 01:57:40 +00:00
81bf447722
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a secure, small, fast and configurable VPN server. It implements the OpenConnect SSL VPN protocol, and has also (currently experimental) compatibility with clients using the AnyConnect SSL VPN protocol. The OpenConnect protocol provides a dual TCP/UDP VPN channel, and uses the standard IETF security protocols to secure it. Both IPv4 and IPv6 are supported. Ocserv's main features are security through provilege separation and sandboxing, accounting, and resilience due to a combined use of TCP and UDP. Authentication occurs in an isolated security module process, and each user is assigned an unprivileged worker process, and a networking (tun) device. That not only eases the control of the resources of each user or group of users, but also prevents data leak (e.g., heartbleed-style attacks), and privilege escalation due to any bug on the VPN handling (worker) process. A management interface allows for viewing and querying logged-in users. WWW: http://www.infradead.org/ocserv/ PR: 202253 Submitted by: Carlos Jacobo Puga Medina <cpm@fbsd.es> Reviewed by: pi
21 lines
1.0 KiB
Plaintext
21 lines
1.0 KiB
Plaintext
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is
|
|
to be a secure, small, fast and configurable VPN server. It implements
|
|
the OpenConnect SSL VPN protocol, and has also (currently experimental)
|
|
compatibility with clients using the AnyConnect SSL VPN protocol.
|
|
The OpenConnect protocol provides a dual TCP/UDP VPN channel, and
|
|
uses the standard IETF security protocols to secure it. Both IPv4
|
|
and IPv6 are supported.
|
|
|
|
Ocserv's main features are security through provilege separation
|
|
and sandboxing, accounting, and resilience due to a combined use
|
|
of TCP and UDP. Authentication occurs in an isolated security
|
|
module process, and each user is assigned an unprivileged worker
|
|
process, and a networking (tun) device. That not only eases the
|
|
control of the resources of each user or group of users, but also
|
|
prevents data leak (e.g., heartbleed-style attacks), and privilege
|
|
escalation due to any bug on the VPN handling (worker) process. A
|
|
management interface allows for viewing and querying logged-in
|
|
users.
|
|
|
|
WWW: http://www.infradead.org/ocserv/
|