OPENCONNECT - Manpage
From Wiki.IT-Arts.net
For Fortigate :
openconnect --protocol=fortinet fortigate.example.com
Manpage
openconnect --help Usage: openconnect [options] <server> Open client for multiple VPN protocols, version v9.01-3 Using GnuTLS 3.7.9. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP --config=CONFIGFILE Read options from config file -V, --version Report version number -h, --help Display help text Set VPN protocol: --protocol=anyconnect Compatible with Cisco AnyConnect SSL VPN, as well as ocserv (default) --protocol=nc Compatible with Juniper Network Connect --protocol=gp Compatible with Palo Alto Networks (PAN) GlobalProtect SSL VPN --protocol=pulse Compatible with Pulse Connect Secure SSL VPN --protocol=f5 Compatible with F5 BIG-IP SSL VPN --protocol=fortinet Compatible with FortiGate SSL VPN --protocol=array Compatible with Array Networks SSL VPN Authentication: -u, --user=NAME Set login username --no-passwd Disable password/SecurID authentication --non-inter Do not expect user input; exit if it is required --passwd-on-stdin Read password from standard input --authgroup=GROUP Choose authentication login selection -F, --form-entry=FORM:OPT=VALUE Provide authentication form responses -c, --certificate=CERT Use SSL client certificate CERT -k, --sslkey=KEY Use SSL private key file KEY -e, --cert-expire-warning=DAYS Warn when certificate lifetime < DAYS -g, --usergroup=GROUP Set login usergroup -p, --key-password=PASS Set key passphrase or TPM SRK PIN --external-browser=BROWSER Set external browser executable --key-password-from-fsid Key passphrase is fsid of file system --token-mode=MODE Software token type: rsa, totp, hotp or oidc --token-secret=STRING Software token secret or oidc token Server validation: --servercert=FINGERPRINT Accept only server certificate with this fingerprint --no-system-trust Disable default system certificate authorities --cafile=FILE Cert file for server verification Internet connectivity: --server=SERVER Set VPN server -P, --proxy=URL Set proxy server --proxy-auth=METHODS Set proxy authentication methods --no-proxy Disable proxy --libproxy Use libproxy to automatically configure proxy --reconnect-timeout=SECONDS Reconnection retry timeout (default is 300 seconds) --resolve=HOST:IP Use IP when connecting to HOST --passtos Copy TOS / TCLASS field into DTLS and ESP packets --dtls-local-port=PORT Set local port for DTLS and ESP datagrams Authentication (two-phase): -C, --cookie=COOKIE Use authentication cookie COOKIE --cookie-on-stdin Read cookie from standard input --authenticate Authenticate only and print login info --cookieonly Fetch and print cookie only; don't connect --printcookie Print cookie before connecting Process control: -b, --background Continue in background after startup --pid-file=PIDFILE Write the daemon's PID to this file -U, --setuid=USER Drop privileges after connecting Logging (two-phase): -l, --syslog Use syslog for progress messages -v, --verbose More output -q, --quiet Less output --dump-http-traffic Dump HTTP authentication traffic (implies --verbose) --timestamp Prepend timestamp to progress messages VPN configuration script: -i, --interface=IFNAME Use IFNAME for tunnel interface -s, --script=SCRIPT Shell command line for using a vpnc-compatible config script default: "/usr/share/vpnc-scripts/vpnc-script" -S, --script-tun Pass traffic to 'script' program, not tun Tunnel control: --disable-ipv6 Do not ask for IPv6 connectivity -x, --xmlconfig=CONFIG XML config file -m, --mtu=MTU Request MTU from server (legacy servers only) --base-mtu=MTU Indicate path MTU to/from server -d, --deflate Enable stateful compression (default is stateless only) -D, --no-deflate Disable all compression --force-dpd=INTERVAL Set Dead Peer Detection interval (in seconds) --pfs Require perfect forward secrecy --no-dtls Disable DTLS and ESP --dtls-ciphers=LIST OpenSSL ciphers to support for DTLS -Q, --queue-len=LEN Set packet queue limit to LEN pkts Local system information: --useragent=STRING HTTP header User-Agent: field --local-hostname=STRING Local hostname to advertise to server --os=STRING OS type to report. Allowed values are the following: linux, linux-64, win, mac-intel, android, apple-ios --version-string=STRING reported version string during authentication (default: v9.01-3) Trojan binary (CSD) execution: --csd-user=USER Drop privileges during trojan execution --csd-wrapper=SCRIPT Run SCRIPT instead of trojan binary --force-trojan=INTERVAL Set minimum interval between trojan runs (in seconds) Server bugs: --no-http-keepalive Disable HTTP connection re-use --no-xmlpost Do not attempt XML POST authentication --allow-insecure-crypto Allow use of the ancient, insecure 3DES and RC4 ciphers Multiple certificate authentication (MCA): --mca-certificate=MCACERT Use MCA certificate MCACERT --mca-key=MCAKEY Use MCA key MCAKEY --mca-key-password=MCAPASS Passphrase MCAPASS for MCACERT/MCAKEY
Usefull Links
For assistance with OpenConnect, please see the web page at :