openconnect --version (return code: 0)
OpenConnect version v7.08
Using GnuTLS. Features present: PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS
openconnect --help (return code: 1)
Usage: openconnect [options] <server>
Open client for Cisco AnyConnect VPN, version v7.08
Using GnuTLS. Features present: PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS
--config=CONFIGFILE Read options from config file
-b, --background Continue in background after startup
--pid-file=PIDFILE Write the daemon's PID to this file
-c, --certificate=CERT Use SSL client certificate CERT
-e, --cert-expire-warning=DAYS Warn when certificate lifetime < DAYS
-k, --sslkey=KEY Use SSL private key file KEY
-C, --cookie=COOKIE Use WebVPN cookie COOKIE
--cookie-on-stdin Read cookie from standard input
-d, --deflate Enable compression (default)
-D, --no-deflate Disable compression
--force-dpd=INTERVAL Set minimum Dead Peer Detection interval
-g, --usergroup=GROUP Set login usergroup
-h, --help Display help text
-i, --interface=IFNAME Use IFNAME for tunnel interface
-l, --syslog Use syslog for progress messages
--timestamp Prepend timestamp to progress messages
--passtos copy TOS / TCLASS when using DTLS
-U, --setuid=USER Drop privileges after connecting
--csd-user=USER Drop privileges during CSD execution
--csd-wrapper=SCRIPT Run SCRIPT instead of CSD binary
-m, --mtu=MTU Request MTU from server (legacy servers only)
--base-mtu=MTU Indicate path MTU to/from server
-p, --key-password=PASS Set key passphrase or TPM SRK PIN
--key-password-from-fsid Key passphrase is fsid of file system
-P, --proxy=URL Set proxy server
--proxy-auth=METHODS Set proxy authentication methods
--no-proxy Disable proxy
--libproxy Use libproxy to automatically configure proxy
--pfs Require perfect forward secrecy
-q, --quiet Less output
-Q, --queue-len=LEN Set packet queue limit to LEN pkts
-s, --script=SCRIPT Shell command line for using a vpnc-compatible config script
default: "/usr/share/vpnc-scripts/vpnc-script"
-S, --script-tun Pass traffic to 'script' program, not tun
-u, --user=NAME Set login username
-V, --version Report version number
-v, --verbose More output
--dump-http-traffic Dump HTTP authentication traffic (implies --verbose
-x, --xmlconfig=CONFIG XML config file
--authgroup=GROUP Choose authentication login selection
--authenticate Authenticate only and print login info
--cookieonly Fetch webvpn cookie only; don't connect
--printcookie Print webvpn cookie before connecting
--cafile=FILE Cert file for server verification
--disable-ipv6 Do not ask for IPv6 connectivity
--dtls-ciphers=LIST OpenSSL ciphers to support for DTLS
--no-dtls Disable DTLS
--no-http-keepalive Disable HTTP connection re-use
--no-passwd Disable password/SecurID authentication
--no-cert-check Do not require server SSL cert to be valid
--no-system-trust Disable default system certificate authorities
--no-xmlpost Do not attempt XML POST authentication
--non-inter Do not expect user input; exit if it is required
--passwd-on-stdin Read password from standard input
--token-mode=MODE Software token type: rsa, totp or hotp
--token-secret=STRING Software token secret
--reconnect-timeout Connection retry timeout in seconds
--servercert=FINGERPRINT Server's certificate SHA1 fingerprint
--useragent=STRING HTTP header User-Agent: field
--local-hostname=STRING Local hostname to advertise to server
--resolve=HOST:IP Use IP when connecting to HOST
--os=STRING OS type (linux,linux-64,win,...) to report
--dtls-local-port=PORT Set local port for DTLS datagrams
For assistance with OpenConnect, please see the web page at
http://www.infradead.org/openconnect/mail.html