Index of /QNX/8.0-DEVELOPER_DESKTOP/RPi4_aarch64/OPENCONNECT/
| Name | Last Modified | Size | Type |
|---|
| ../ | | - | Directory |
| bin/ | 2026-Apr-30 18:15:09 | - | Directory |
| README.txt | 2026-Apr-30 18:23:33 | 6.9K | text/plain; charset=utf-8 |
### Openconnect on QNX 8.0 aarch64
https://www.infradead.org/openconnect/packages.html
### Binaries :
copy the bin/sbin/openconnect to /usr/local/sbin
copy the bin/lib/libopen* to /usr/local/lib
### vpnc-script
wget https://gitlab.com/openconnect/vpnc-scripts/raw/master/vpnc-script
mv vpnc-script /data
Usage: openconnect [options] <server>
Open client for multiple VPN protocols, version v9.12-265-ga7e75144
Using OpenSSL 3.6.0 1 Oct 2025. Features present: TPM (OpenSSL ENGINE not present), HOTP software token, TOTP software token, DTLS, ESP
--config=CONFIGFILE Read options from config file
-V, --version Report version number
-h, --help Display help text
Set VPN protocol:
--protocol=anyconnect Compatible with Cisco AnyConnect SSL VPN, as well as ocserv (default)
--protocol=nc Compatible with Juniper Network Connect
--protocol=gp Compatible with Palo Alto Networks (PAN) GlobalProtect SSL VPN
--protocol=pulse Compatible with Pulse Connect Secure SSL VPN
--protocol=f5 Compatible with F5 BIG-IP SSL VPN
--protocol=fortinet Compatible with FortiGate SSL VPN
--protocol=array Compatible with Array Networks SSL VPN
Authentication:
-u, --user=NAME Set login username
--no-passwd Disable password/SecurID authentication
--non-inter Do not expect user input; exit if it is required
--passwd-on-stdin Read password from standard input
--authgroup=GROUP Select GROUP from authentication dropdown (may be known
as "realm", "domain", "gateway"; protocol-dependent)
-F, --form-entry=FORM:OPT=VALUE Provide authentication form responses
-c, --certificate=CERT Use SSL client certificate CERT
-k, --sslkey=KEY Use SSL private key file KEY
-e, --cert-expire-warning=DAYS Warn when certificate lifetime < DAYS
-g, --usergroup=GROUP Set path of initial request URL
-p, --key-password=PASS Set key passphrase or TPM SRK PIN
--external-browser=BROWSER Set external browser executable
--key-password-from-fsid Key passphrase is fsid of file system
--token-mode=MODE Software token type: rsa, totp, hotp or oidc
--token-secret=STRING Software token secret or oidc token
(NOTE: libstoken (RSA SecurID) disabled in this build)
(NOTE: Yubikey OATH disabled in this build)
Server validation:
--servercert=FINGERPRINT Accept only server certificate with this fingerprint
--no-system-trust Disable default system certificate authorities
--cafile=FILE Cert file for server verification
Internet connectivity:
--server=SERVER Set VPN server
-P, --proxy=URL Set proxy server
--proxy-auth=METHODS Set proxy authentication methods
--no-proxy Disable proxy
--libproxy Use libproxy to automatically configure proxy
(NOTE: libproxy disabled in this build)
--reconnect-timeout=SECONDS Reconnection retry timeout (default is 300 seconds)
--resolve=HOST:IP Use IP when connecting to HOST
--sni=HOST Always send HOST as TLS client SNI (domain fronting)
--passtos Copy TOS / TCLASS field into DTLS and ESP packets
--dtls-local-port=PORT Set local port for DTLS and ESP datagrams
Authentication (two-phase):
-C, --cookie=COOKIE Use authentication cookie COOKIE
--cookie-on-stdin Read cookie from standard input
--authenticate Authenticate only and print login info
--cookieonly Fetch and print cookie only; don't connect
--printcookie Print cookie before connecting
Process control:
-b, --background Continue in background after startup
--pid-file=PIDFILE Write the daemon's PID to this file
-U, --setuid=USER Drop privileges after connecting
Logging (two-phase):
-l, --syslog Use syslog for progress messages
-v, --verbose More output
-q, --quiet Less output
--dump-http-traffic Dump HTTP authentication traffic (implies --verbose)
--timestamp Prepend timestamp to progress messages
VPN configuration script:
-i, --interface=IFNAME Use IFNAME for tunnel interface
-s, --script=SCRIPT Shell command line for using a vpnc-compatible config script
default: "/data/vpnc-script"
-S, --script-tun Pass traffic to 'script' program, not tun
Tunnel control:
--disable-ipv6 Do not ask for IPv6 connectivity
-x, --xmlconfig=CONFIG XML config file
-m, --mtu=MTU Request MTU from server (legacy servers only)
--base-mtu=MTU Indicate path MTU to/from server
-d, --deflate Enable stateful compression (default is stateless only)
-D, --no-deflate Disable all compression
--force-dpd=INTERVAL Set Dead Peer Detection interval (in seconds)
--pfs Require perfect forward secrecy
--no-dtls Disable DTLS and ESP
--dtls-ciphers=LIST OpenSSL ciphers to support for DTLS
-Q, --queue-len=LEN Set packet queue limit to LEN pkts
Local system information:
--useragent=STRING HTTP header User-Agent: field
--local-hostname=STRING Local hostname to advertise to server
--os=STRING OS type to report. Allowed values are the following:
linux, linux-64, win, mac-intel, android, apple-ios
--version-string=STRING reported version string during authentication
(default: v9.12-265-ga7e75144)
Trojan binary (CSD) execution:
--csd-user=USER Drop privileges during trojan execution
--csd-wrapper=SCRIPT Run SCRIPT instead of trojan binary
--force-trojan=INTERVAL Set minimum interval between trojan runs (in seconds)
Server bugs:
--no-external-auth Do not offer or use auth methods requiring external browser
--no-http-keepalive Disable HTTP connection reuse
--no-xmlpost Do not attempt XML POST authentication
--allow-insecure-crypto Allow use of the ancient, insecure 3DES and RC4 ciphers
Multiple certificate authentication (MCA):
--mca-certificate=MCACERT Use MCA certificate MCACERT
--mca-key=MCAKEY Use MCA key MCAKEY
--mca-key-password=MCAPASS Passphrase MCAPASS for MCACERT/MCAKEY
For assistance with OpenConnect, please see the web page at
https://www.infradead.org/openconnect/mail.html