OpenConnect

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
OpenConnect
Original author(s) David Woodhouse
Initial release March 18, 2009 (2009-03-18)[1]
Stable release
7.08 / December 13, 2016; 21 months ago (2016-12-13)[1]
Repository Edit this at Wikidata
Type VPN
License GNU LGPL
Website www.infradead.org/openconnect/

OpenConnect is an open-source software application for connecting to virtual private networks (VPN), which implement secure point-to-point connections.

It was originally written as an open-source replacement for Cisco's proprietary AnyConnect SSL VPN client,[2] which is supported by several Cisco routers. As of 2013, the OpenConnect project also offers an AnyConnect-compatible server, ocserv,[3] and thus offers a full client-server VPN solution.

The OpenConnect client added support for Juniper Networks' SSL VPN in version 7.05,[1]. A fork has provided support for Palo Alto Networks' GlobalProtect VPN,[4] with mainline integration expected in version 8.0.[5]

Architecture[edit]

OpenConnect uses a protocol compatible with AnyConnect's SSL protocol,[6][7] implemented within an open-source project unaffiliated with Cisco. AnyConnect VPNs utilize TLS to authenticate and configure routing, then DTLS to efficiently encrypt and transport the tunneled VPN traffic,[8] and can fall back to TLS-based transport where firewalls block UDP-based traffic.

The Juniper and GlobalProtect protocols have a very similar structure to the AnyConnect protocol: they authenticate and configure routing over TLS, except that they use ESP for efficient, encrypted transport of tunneled traffic (instead of DTLS), but they too can fall back to TLS-based transport.

OpenConnect is written primarily in C, and it contains much of the infrastructure necessary to add additional VPN protocols operating in a similar flow, and to connect to them via a common user interface:

  • Initial connection to the VPN server via TLS
  • Authentication phase via HTTPS (using HTML forms, client certificates, XML, etc.)
  • Server-provided routing configuration in a standard format that can be processed by a vpnc-script
  • Data transport phase via a UDP-based tunnel (DTLS or ESP), with fallback to a TLS-based tunnel

Platforms[edit]

OpenConnect is available on Solaris, Linux, OpenBSD, FreeBSD, Mac OS X, and has graphical user interface clients for Windows 2000/XP/Vista/7,[9] GNOME,[10] and KDE.[11] A graphical client for OpenConnect is also available for Android devices,[12] and it has been integrated into router firmware packages such as OpenWrt.[13]

References[edit]

  1. ^ a b c infradead.org - OpenConnect: Changelog.
  2. ^ ""Development of OpenConnect was started after a trial of the Cisco client under Linux found it to have many deficiencies …"". Infradead.org. Retrieved 2018-08-13.
  3. ^ ocserv home page.
  4. ^ dlenski/openconnect on GitHub
  5. ^ "Preparing for OpenConnect 8.0 release". Lists.infradead.org. Retrieved 2018-08-13.
  6. ^ Tiso, John; Scholfield, Mark D.; Teare, Diane (2011). Designing Cisco Network Service Architectures (ARCH): Foundation Learning Guide. Foundation Learning Guides (3 ed.). Cisco Press. p. 464. ISBN 9781587142888. Retrieved 2013-06-13. Cisco AnyConnect is a Cisco implementation of the thick client. Because the SSL VPN network extension runs on top of the SSL protocol, it is simpler to manage and has greater robustness with different network topologies such as firewalls and Network Address Translation (NAT) than the higher security of IPsec.
  7. ^ "The OpenConnect VPN Protocol Version 1.0". github.com. Retrieved 2015-04-29.
  8. ^ Mavrogiannopoulos, Nikos (2013-11-17). "nmav's Blog: Inside an SSL VPN protocol". Nmav.gnutls.org. Retrieved 2018-08-13.
  9. ^ "Openconnect graphical client". GitHub. Retrieved 2014-10-28.
  10. ^ "NetworkManager". gnome.org. Retrieved 2014-10-28.
  11. ^ "NetworkManagement". kde.org. Retrieved 2014-10-28.
  12. ^ cernekee. "Android UI for OpenConnect VPN client". GitHub. Retrieved 2014-10-28.
  13. ^ "VPN Overview". openwrt.org. Retrieved 2018-03-15.

External links[edit]

Some useful usage information.