OpenConnect
Original author(s) | David Woodhouse |
---|---|
Developer(s) | Daniel Lenski, Nikos Mavrogiannopoulos |
Initial release | March 18, 2009[1] |
Stable release | 9.12
/ May 20, 2023[1] |
Repository | |
Type | VPN |
License | GNU LGPL v2.1[2] |
Website | www |
OpenConnect is a free and open-source cross-platform multi-protocol virtual private network (VPN) client software which implement secure point-to-point connections.
The OpenConnect client supports the following VPN protocols:
- Cisco AnyConnect
- Juniper Secure Connect (since 7.05)[3]
- Palo Alto Networks GlobalProtect (since 8.00)[4]
- Ivanti/Pulse Connect Secure (since 8.04)[5]
- F5 BIG-IP and
- Fortinet FortiGate and
- Array Networks AG SSL VPN (since 8.20)[6]
It was originally written as an open-source replacement for Cisco's proprietary AnyConnect SSL VPN client,[7] which is supported by several Cisco routers.
As of July 2023[update], support for several other proprietary VPN protocols is desired or in development:
- SonicWall NetExtender VPN support[8]
- Check Point SNX VPN support[9]
- H3C VPN support[10]
- Barracuda CloudGen Firewall VPN support[11]
- Huawei VPN support[12]
Architecture
[edit]The OpenConnect client is written primarily in C, and it contains much of the infrastructure necessary to add additional VPN protocols operating in a similar flow, and to connect to them via a common user interface:[13]
- Initial connection to the VPN server via TLS
- Authentication phase via HTTPS (using HTML forms, client certificates, XML, etc.)
- Server-provided routing configuration, in a protocol-agnostic format, which can be processed by a vpnc-script
- Data transport phase via a UDP-based tunnel (DTLS or ESP), with fallback to a TLS-based tunnel
- Built-in event loop to handle Dead Peer Detection, keepalive, rekeying, etc.
OpenConnect can be built to use either the GnuTLS or OpenSSL libraries for TLS, DTLS and cryptographic primitives.
Platforms
[edit]OpenConnect is available on Solaris, Linux, OpenBSD, FreeBSD, MacOS, and has graphical user interface clients for Windows,[14] GNOME,[15] and KDE.[16] A graphical client for OpenConnect is also available for Android devices,[17] and it has been integrated into router firmware packages such as OpenWrt.[18]
OpenConnect VPN graphical client
[edit]The OpenConnect project provide clients for Windows and macOS.[19]
Server
[edit]The OpenConnect project also offers an Cisco AnyConnect-compatible server, ocserv,[20] and thus offers a full client-server VPN solution.
OpenConnect and ocserv now implement an extended version of the Cisco AnyConnect VPN protocol, which has been proposed as an Internet Standard.[21] Both OpenConnect and ocserv strive to maintain backwards-compatibility with Cisco AnyConnect servers and clients.
Notable uses
[edit]OpenConnect's implementation of the Cisco AnyConnect protocol is sufficiently complete, such that some of Cisco's own IP phone devices embed a very old release of OpenConnect[22] in order to connect to Cisco SSL VPNs.[23][24]
References
[edit]- ^ a b infradead.org - OpenConnect: Changelog.
- ^ gitlab.com - OpenConnect: License.
- ^ "OpenConnect 7.05 release". lists.infradead.org. 2015-03-10. Retrieved 2023-07-10.
- ^ "OpenConnect 8.00 release". lists.infradead.org. 2019-01-04. Archived from the original on 2020-06-09.
- ^ "OpenConnect 8.04 release". lists.infradead.org. 2019-08-09. Retrieved 2023-07-10.
- ^ "OpenConnect 8.20 release". lists.infradead.org. 2022-02-20. Retrieved 2023-07-10.
- ^ ""Development of OpenConnect was started after a trial of the Cisco client under Linux found it to have many deficiencies …"". Infradead.org. Retrieved 2018-08-13.
- ^ "Issues - Draft: SonicWall NetExtender support".
- ^ "Merge requests - Draft: CheckPoint SNX support". 5 June 2021.
- ^ "Merge requests - Draft: Add H3C TLS VPN protocol". 23 July 2022.
- ^ "Issues - Add support for Barracuda CloudGen Firewall".
- ^ "Issues - Huawei SSL VPN support".
- ^ Daniel Lenski (September 17, 2020). "How VPNs Work- The Ins and Outs". DAMA Portland.
- ^ "OpenConnect graphical client". GitLab. Retrieved 2023-01-23.
- ^ "NetworkManager-openconnect". gnome.org. Retrieved 2020-01-27.
- ^ "NetworkManagement". kde.org. Retrieved 2014-10-28.
- ^ "Android UI for OpenConnect VPN client". GitLab. Retrieved 2023-01-23.
- ^ "VPN Overview". openwrt.org. Retrieved 2018-03-15.
- ^ https://gui.openconnect-vpn.net/ [bare URL]
- ^ OpenConnect VPN Server.
- ^ N. Mavrogiannopoulos (October 2020). The OpenConnect VPN Protocol Version 1.2. IETF. I-D draft-mavrogiannopoulos-openconnect-03.
- ^ "ocserv issues #51".
- ^ Nikos Mavrogiannopoulos. "Recipe: VoIP network with ocserv".
- ^ "Open Source License Notices for the SPA525G" (PDF). Cisco.