OpenConnect version v7.08 Using GnuTLS. Features present: PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS

Usage: openconnect [options] <server> Open client for Cisco AnyConnect VPN, version v7.08 Using GnuTLS. Features present: PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS --config=CONFIGFILE Read options from config file -b, --background Continue in background after startup --pid-file=PIDFILE Write the daemon's PID to this file -c, --certificate=CERT Use SSL client certificate CERT -e, --cert-expire-warning=DAYS Warn when certificate lifetime < DAYS -k, --sslkey=KEY Use SSL private key file KEY -C, --cookie=COOKIE Use WebVPN cookie COOKIE --cookie-on-stdin Read cookie from standard input -d, --deflate Enable compression (default) -D, --no-deflate Disable compression --force-dpd=INTERVAL Set minimum Dead Peer Detection interval -g, --usergroup=GROUP Set login usergroup -h, --help Display help text -i, --interface=IFNAME Use IFNAME for tunnel interface -l, --syslog Use syslog for progress messages --timestamp Prepend timestamp to progress messages --passtos copy TOS / TCLASS when using DTLS -U, --setuid=USER Drop privileges after connecting --csd-user=USER Drop privileges during CSD execution --csd-wrapper=SCRIPT Run SCRIPT instead of CSD binary -m, --mtu=MTU Request MTU from server (legacy servers only) --base-mtu=MTU Indicate path MTU to/from server -p, --key-password=PASS Set key passphrase or TPM SRK PIN --key-password-from-fsid Key passphrase is fsid of file system -P, --proxy=URL Set proxy server --proxy-auth=METHODS Set proxy authentication methods --no-proxy Disable proxy --libproxy Use libproxy to automatically configure proxy --pfs Require perfect forward secrecy -q, --quiet Less output -Q, --queue-len=LEN Set packet queue limit to LEN pkts -s, --script=SCRIPT Shell command line for using a vpnc-compatible config script default: "/usr/share/vpnc-scripts/vpnc-script" -S, --script-tun Pass traffic to 'script' program, not tun -u, --user=NAME Set login username -V, --version Report version number -v, --verbose More output --dump-http-traffic Dump HTTP authentication traffic (implies --verbose -x, --xmlconfig=CONFIG XML config file --authgroup=GROUP Choose authentication login selection --authenticate Authenticate only and print login info --cookieonly Fetch webvpn cookie only; don't connect --printcookie Print webvpn cookie before connecting --cafile=FILE Cert file for server verification --disable-ipv6 Do not ask for IPv6 connectivity --dtls-ciphers=LIST OpenSSL ciphers to support for DTLS --no-dtls Disable DTLS --no-http-keepalive Disable HTTP connection re-use --no-passwd Disable password/SecurID authentication --no-cert-check Do not require server SSL cert to be valid --no-system-trust Disable default system certificate authorities --no-xmlpost Do not attempt XML POST authentication --non-inter Do not expect user input; exit if it is required --passwd-on-stdin Read password from standard input --token-mode=MODE Software token type: rsa, totp or hotp --token-secret=STRING Software token secret --reconnect-timeout Connection retry timeout in seconds --servercert=FINGERPRINT Server's certificate SHA1 fingerprint --useragent=STRING HTTP header User-Agent: field --local-hostname=STRING Local hostname to advertise to server --resolve=HOST:IP Use IP when connecting to HOST --os=STRING OS type (linux,linux-64,win,...) to report --dtls-local-port=PORT Set local port for DTLS datagrams For assistance with OpenConnect, please see the web page at http://www.infradead.org/openconnect/mail.html