套件:ocserv(1.3.0-1) [debports]
OpenConnect VPN server compatible with Cisco AnyConnect VPN
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a secure, small, fast and configurable VPN server. It implements the OpenConnect SSL VPN protocol, and has also (currently experimental) compatibility with clients using the AnyConnect SSL VPN protocol. The OpenConnect VPN protocol uses the standard IETF security protocols such as TLS 1.2, and Datagram TLS to provide the secure VPN service. The server is implemented primarily for the GNU/Linux platform but its code is designed to be portable to other UNIX variants as well.
Ocserv's main feature is isolation of the VPN users from the main VPN server process. Each authenticated user is assigned an unprivileged worker process, and a networking (tun) device. That not only eases the control of the resources of each user or group of users, but also prevents privilege escalation due to any bug on the VPN handling (worker) server. Each VPN user can be authenticated using password, PAM, public key (in a smart card or not) or any combination of methods.
其他與 ocserv 有關的套件
|
|
|
|
-
- dep: init-system-helpers (>= 1.54~)
- helper tools for all init systems
-
- dep: adduser
- add and remove users and groups
-
- dep: libc6 (>= 2.38)
- GNU C 函式庫:共用函式庫
同時作為一個虛擬套件由這些套件填實: libc6-udeb
-
- dep: libcrypt1 (>= 1:4.1.0)
- libcrypt shared library
-
- dep: libev4t64 (>= 1:4.04)
- high-performance event loop library modelled after libevent
-
- dep: libgnutls30t64 (>= 3.8.6)
- GNU TLS library - main runtime library
-
- dep: libgssapi-krb5-2 (>= 1.14+dfsg)
- MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
-
- dep: liblz4-1 (>= 0.0~r130)
- Fast LZ compression algorithm library - runtime
-
- dep: libmaxminddb0 (>= 1.0.2)
- IP geolocation database library
-
- dep: libnettle8t64
- low level cryptographic library (symmetric and one-way cryptos)
-
- dep: libnl-3-200 (>= 3.2.7)
- library for dealing with netlink sockets
-
- dep: libnl-route-3-200 (>= 3.2.7)
- library for dealing with netlink sockets - route interface
-
- dep: liboath0t64 (>= 1.8.0)
- OATH Toolkit Liboath library
-
- dep: libpam0g (>= 0.99.7.1)
- Pluggable Authentication Modules library
-
- dep: libprotobuf-c1 (>= 1.0.1)
- Protocol Buffers C shared library (protobuf-c)
-
- dep: libradcli4 (>= 1.2.11)
- Enhanced RADIUS client library
-
- dep: libreadline8t64 (>= 6.0)
- GNU readline 與 history 函式庫,執行時期函式庫
-
- dep: libseccomp2 (>= 0.0.0~20120605)
- high level interface to Linux seccomp filter
-
- dep: libsystemd0
- systemd utility library
-
- dep: libtalloc2 (>= 2.0.4~git20101213)
- hierarchical pool based memory allocator
-
- dep: libtasn1-6 (>= 4.14)
- 管理 ASN.1 結構 (執行階段)
-
- dep: ssl-cert
- simple debconf wrapper for OpenSSL
-
- rec: ca-certificates
- Common CA certificates
-
- rec: dnsmasq
- Small caching DNS proxy and DHCP/TFTP server - system daemon
-
- rec: gnutls-bin
- GNU TLS library - commandline utilities
-
- rec: iproute2
- networking and traffic control tools
-
- rec: iputils-ping
- 測試網路主機到達率的工具
- 或者 inetutils-ping
- ICMP echo tool
-
- rec: nuttcp
- network performance measurement tool
-
- sug: freeradius
- high-performance and highly configurable RADIUS server
-
- sug: haproxy
- fast and reliable load balancing reverse proxy