VPN Server - ocserv
2013-04-09 11:33:30 阿炯

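ocserv stands for OpenConnect VPN Server. It implements the AnyConnect SSL VPN protocol and is compatible with the OpenConnect VPN client. It is small, secure and configurable, but depends on standard protocols such as TLS 1.2 and Datagram TLS.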


OpenConnect VPN server (or ocserv) is a GNU/Linux server implementing the AnyConnect SSL VPN protocol and is compatible with the OpenConnect VPN client. Its purpose is to be a small, secure and configurable VPN server that depends on standard protocols like TLS 1.2 and Datagram TLS. The AnyConnect SSL VPN protocol was the closest protocol to match this requirement.

The VPN users can be authenticated using password, certificate authentication or any combination of methods. Authenticated users are assigned an unprivileged worker process and obtain a networking (tun) device and IP from a configurable pool of addresses.

Features

Supports password authentication (using PAM or a password file) over HTTPS, and certificate authentication.
Supports both TCP and UDP VPN tunnels using TLS 1.2 and Datagram TLS.
Support for IPv6 and IPv4.
Each client is isolated on a separate process, with a separate networking device and IP.
Privilege separation between the authentication process and the worker processes.
Support for TCP wrappers (libwrap).
Registers VPN leases in UTMP and WTMP files.
Persistent storage of cookies, to allow a seamless server restart.
Support for the server key being stored in TPM, a hardware security module (HSM), or a smart card.
No support for compression.

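Latest version: 0.8
This release allows components to be resized only horizontally and vertically, fixes an option callback issue, and more.

Project homepage: http://www.infradead.org/ocserv/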