Source: ocserv Section: net Priority: optional Maintainer: Aron Xu Uploaders: Mike Miller Build-Depends: autogen (>= 5.18.6), debhelper (>= 10), freeradius , gawk, gnutls-bin, gperf, gss-ntlmssp, haproxy , iproute2 , iputils-ping , libcjose-dev, libcurl4-gnutls-dev, libev-dev, libgnutls28-dev (>= 3.1.10), libhttp-parser-dev, libjansson-dev, libkrb5-dev, liblz4-dev, libmaxminddb-dev, libnl-route-3-dev [linux-any], libnss-wrapper, liboath-dev, libpam-wrapper, libpam0g-dev, libprotobuf-c-dev, libradcli-dev (>= 1.2.5), libreadline-dev, libseccomp-dev [linux-any], libsocket-wrapper, libtalloc-dev, libuid-wrapper, nettle-dev, nuttcp , pkg-config, protobuf-c-compiler, ronn, tcpdump , yajl-tools Standards-Version: 4.5.1 Homepage: http://www.infradead.org/ocserv/ VCS-Browser: https://salsa.debian.org/debian/ocserv VCS-Git: https://salsa.debian.org/debian/ocserv.git Package: ocserv Architecture: any Depends: adduser, lsb-base, ssl-cert, ${misc:Depends}, ${shlibs:Depends} Recommends: ca-certificates, gnutls-bin, iproute2, iputils-ping | inetutils-ping, nuttcp, dnsmasq Suggests: freeradius, haproxy Description: OpenConnect VPN server compatible with Cisco AnyConnect VPN OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a secure, small, fast and configurable VPN server. It implements the OpenConnect SSL VPN protocol, and has also (currently experimental) compatibility with clients using the AnyConnect SSL VPN protocol. The OpenConnect VPN protocol uses the standard IETF security protocols such as TLS 1.2, and Datagram TLS to provide the secure VPN service. The server is implemented primarily for the GNU/Linux platform but its code is designed to be portable to other UNIX variants as well. . Ocserv's main feature is isolation of the VPN users from the main VPN server process. Each authenticated user is assigned an unprivileged worker process, and a networking (tun) device. That not only eases the control of the resources of each user or group of users, but also prevents privilege escalation due to any bug on the VPN handling (worker) server. Each VPN user can be authenticated using password, PAM, public key (in a smart card or not) or any combination of methods.