cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openbsd-ports/net/ocserv/pkg/DESCR
sthen 134ce96a0e Update ocserv's DESCR, mostly borrowed from the website - better information 
about the isolated security process and per-user unprivileged worker processes.
2015-07-03 10:16:31 +00:00

16 lines
1021 B
Plaintext
Raw Blame History

OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a
secure, small, fast and configurable VPN server. It implements the OpenConnect
SSL VPN protocol, and has also (currently experimental) compatibility with
clients using the AnyConnect SSL VPN protocol. The OpenConnect protocol
provides a dual TCP/UDP VPN channel, and uses the standard IETF security
protocols to secure it. Both IPv4 and IPv6 are supported.
Ocserv's main features are security through privilege separation and
sandboxing, accounting, and resilience due to a combined use of TCP and UDP.
Authentication occurs in an isolated security module process, and each user is
assigned an unprivileged worker process, and a networking (tun) device. That
not only eases the control of the resources of each user or group of users,
but also prevents data leak (e.g., heartbleed-style attacks), and privilege
escalation due to any bug on the VPN handling (worker) process. A management
interface allows for viewing and querying logged-in users.
Reference in New Issue View Git Blame Copy Permalink