Jump to content

OpenConnect

From Wikipedia, the free encyclopedia
OpenConnect
Original author(s)David Woodhouse
Developer(s)Daniel Lenski, Nikos Mavrogiannopoulos
Initial releaseMarch 18, 2009 (2009-03-18)[1]
Stable release
9.12 / May 20, 2023; 16 months ago (2023-05-20)[1]
Repository
TypeVPN
LicenseGNU LGPL v2.1[2]
Websitewww.infradead.org/openconnect/

OpenConnect is a free and open-source cross-platform multi-protocol virtual private network (VPN) client software which implement secure point-to-point connections.

The OpenConnect client supports the following VPN protocols:

It was originally written as an open-source replacement for Cisco's proprietary AnyConnect SSL VPN client,[7] which is supported by several Cisco routers.

As of July 2023, support for several other proprietary VPN protocols is desired or in development:

Architecture

[edit]

The OpenConnect client is written primarily in C, and it contains much of the infrastructure necessary to add additional VPN protocols operating in a similar flow, and to connect to them via a common user interface:[13]

  • Initial connection to the VPN server via TLS
  • Authentication phase via HTTPS (using HTML forms, client certificates, XML, etc.)
  • Server-provided routing configuration, in a protocol-agnostic format, which can be processed by a vpnc-script
  • Data transport phase via a UDP-based tunnel (DTLS or ESP), with fallback to a TLS-based tunnel

OpenConnect can be built to use either the GnuTLS or OpenSSL libraries for TLS, DTLS and cryptographic primitives.

Platforms

[edit]

OpenConnect is available on Solaris, Linux, OpenBSD, FreeBSD, MacOS, and has graphical user interface clients for Windows,[14] GNOME,[15] and KDE.[16] A graphical client for OpenConnect is also available for Android devices,[17] and it has been integrated into router firmware packages such as OpenWrt.[18]

OpenConnect VPN graphical client

[edit]

The OpenConnect project provide clients for Windows and macOS.[19]

Server

[edit]

The OpenConnect project also offers an Cisco AnyConnect-compatible server, ocserv,[20] and thus offers a full client-server VPN solution.

OpenConnect and ocserv now implement an extended version of the Cisco AnyConnect VPN protocol, which has been proposed as an Internet Standard.[21] Both OpenConnect and ocserv strive to maintain backwards-compatibility with Cisco AnyConnect servers and clients.

Notable uses

[edit]

OpenConnect's implementation of the Cisco AnyConnect protocol is sufficiently complete, such that some of Cisco's own IP phone devices embed a very old release of OpenConnect[22] in order to connect to Cisco SSL VPNs.[23][24]

References

[edit]
  1. ^ a b infradead.org - OpenConnect: Changelog.
  2. ^ gitlab.com - OpenConnect: License.
  3. ^ "OpenConnect 7.05 release". lists.infradead.org. 2015-03-10. Retrieved 2023-07-10.
  4. ^ "OpenConnect 8.00 release". lists.infradead.org. 2019-01-04. Archived from the original on 2020-06-09.
  5. ^ "OpenConnect 8.04 release". lists.infradead.org. 2019-08-09. Retrieved 2023-07-10.
  6. ^ "OpenConnect 8.20 release". lists.infradead.org. 2022-02-20. Retrieved 2023-07-10.
  7. ^ ""Development of OpenConnect was started after a trial of the Cisco client under Linux found it to have many deficiencies …"". Infradead.org. Retrieved 2018-08-13.
  8. ^ "Issues - Draft: SonicWall NetExtender support".
  9. ^ "Merge requests - Draft: CheckPoint SNX support". 5 June 2021.
  10. ^ "Merge requests - Draft: Add H3C TLS VPN protocol". 23 July 2022.
  11. ^ "Issues - Add support for Barracuda CloudGen Firewall".
  12. ^ "Issues - Huawei SSL VPN support".
  13. ^ Daniel Lenski (September 17, 2020). "How VPNs Work- The Ins and Outs". DAMA Portland.
  14. ^ "OpenConnect graphical client". GitLab. Retrieved 2023-01-23.
  15. ^ "NetworkManager-openconnect". gnome.org. Retrieved 2020-01-27.
  16. ^ "NetworkManagement". kde.org. Retrieved 2014-10-28.
  17. ^ "Android UI for OpenConnect VPN client". GitLab. Retrieved 2023-01-23.
  18. ^ "VPN Overview". openwrt.org. Retrieved 2018-03-15.
  19. ^ https://gui.openconnect-vpn.net/ [bare URL]
  20. ^ OpenConnect VPN Server.
  21. ^ N. Mavrogiannopoulos (October 2020). The OpenConnect VPN Protocol Version 1.2. IETF. I-D draft-mavrogiannopoulos-openconnect-03.
  22. ^ "ocserv issues #51".
  23. ^ Nikos Mavrogiannopoulos. "Recipe: VoIP network with ocserv".
  24. ^ "Open Source License Notices for the SPA525G" (PDF). Cisco.
[edit]