:OpenConnect
{{Short description|Open-source multi-protocol VPN application}}
{{distinguish|text=Netflix's 'Open Connect' CDN}}
{{Infobox software
| name = OpenConnect
| logo =
| screenshot =
| caption = The open SSL VPN
| author = David Woodhouse
| developer = Daniel Lenski, Nikos Mavrogiannopoulos
| released = {{start date|2009|03|18}}
| latest release version = 9.12
| latest release date = {{release date and age|2023|05|20}} (infradead.org - [https://www.infradead.org/openconnect/changelog.html OpenConnect: Changelog])
| genre = VPN
| license = GNU LGPL v2.1 (gitlab.com - [https://gitlab.com/openconnect/openconnect/-/blob/master/COPYING.LGPL OpenConnect: License])
| website = {{URL|https://www.infradead.org/openconnect/}}
}}
{{Portal|Free and open-source software}}
OpenConnect is a free and open-source, cross-platform, multi-protocol virtual private network (VPN) client that implements secure point-to-point connections.
The OpenConnect client supports the following VPN protocols:
- Cisco AnyConnect
- Juniper Secure Connect (since 7.05){{Cite web |date=2015-03-10 |title=OpenConnect 7.05 release |url=https://lists.infradead.org/pipermail/openconnect-devel/2015-March/002818.html |access-date=2023-07-10 |website=lists.infradead.org}}
- Palo Alto Networks GlobalProtect (since 8.00){{Cite web |date=2019-01-04 |title=OpenConnect 8.00 release |url=https://lists.infradead.org/pipermail/openconnect-devel/2019-January/005178.html |url-status=dead |archive-url=https://web.archive.org/web/20200609161130/https://lists.infradead.org/pipermail/openconnect-devel/2019-January/005178.html |archive-date=2020-06-09 |website=lists.infradead.org}}
- Ivanti/Pulse Connect Secure (since 8.04){{Cite web |date=2019-08-09 |title=OpenConnect 8.04 release |url=https://www.infradead.org/openconnect/changelog.html |access-date=2023-07-10 |website=lists.infradead.org}}
- F5 BIG-IP, Fortinet FortiGate, and Array Networks AG SSL VPN (since 8.20){{Cite web |date=2022-02-20 |title=OpenConnect 8.20 release |url=https://lists.infradead.org/pipermail/openconnect-devel/2022-February/005089.html |access-date=2023-07-10 |website=lists.infradead.org}}
It was originally written as an open-source replacement for Cisco's proprietary AnyConnect SSL VPN client,{{cite web|url=https://www.infradead.org/openconnect/ |title="Development of OpenConnect was started after a trial of the Cisco client under Linux found it to have many deficiencies …" |publisher=Infradead.org |access-date=2018-08-13}} which is supported by several Cisco routers.
{{As of|July 2023}}, support for several other proprietary VPN protocols is desired or in development:
- SonicWall NetExtender VPN support{{Cite web|url=https://gitlab.com/openconnect/openconnect/-/issues/143|title = Issues - Draft: SonicWall NetExtender support}}
- Check Point SNX VPN support{{Cite web|url=https://gitlab.com/openconnect/openconnect/-/merge_requests/207|title = Merge requests - Draft: CheckPoint SNX support| date=5 June 2021 }}
- H3C VPN support{{Cite web|url=https://gitlab.com/openconnect/openconnect/-/merge_requests/397|title = Merge requests - Draft: Add H3C TLS VPN protocol| date=23 July 2022 }}
- Barracuda CloudGen Firewall VPN support{{Cite web|url=https://gitlab.com/openconnect/openconnect/-/issues/574|title = Issues - Add support for Barracuda CloudGen Firewall}}
- Huawei VPN support{{Cite web|url=https://gitlab.com/openconnect/openconnect/-/issues/603|title = Issues - Huawei SSL VPN support}}
Architecture
The OpenConnect client is written primarily in C, and it contains much of the infrastructure necessary to add additional VPN protocols operating in a similar flow, and to connect to them via a common user interface:{{cite web|url=https://damapdx.org/2020/08/28/september-2020-openconnect/|author=Daniel Lenski|date=September 17, 2020|publisher=DAMA Portland|title=How VPNs Work- The Ins and Outs}}
- Initial connection to the VPN server via TLS
- Authentication phase via HTTPS (using HTML forms, client certificates, XML, etc.)
- Server-provided routing configuration, in a protocol-agnostic format, which can be processed by a [https://www.infradead.org/openconnect/vpnc-script.html vpnc-script]
- Data transport phase via a UDP-based tunnel (DTLS or ESP), with fallback to a TLS-based tunnel
- Built-in event loop to handle Dead Peer Detection, keepalive, rekeying, etc.
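The routing step above, as an added example (not code from the OpenConnect project): a shell function in the style of a vpnc-script hook that audits the server-provided IPv4 split-include routes before they are applied. The `CISCO_SPLIT_INC*`, `TUNDEV` and `reason` variables follow the vpnc-script environment convention; `MIN_MASKLEN` and the flagging policy are assumptions.

```shell
#!/bin/sh
# Added example: audit the routing configuration OpenConnect hands to a vpnc-script.
# MIN_MASKLEN is a hypothetical policy knob, not an OpenConnect setting.
MIN_MASKLEN="${MIN_MASKLEN:-16}"   # assumed policy: flag routes wider than /16

# Prints one line per route or finding; returns 0 if clean, 1 if anything was flagged.
audit_routes() {
    findings=0
    count="${CISCO_SPLIT_INC:-0}"
    # The count is server-controlled: accept digits only before looping on it.
    case "$count" in
        ''|*[!0-9]*) echo "FLAG bad CISCO_SPLIT_INC value"; return 1 ;;
    esac
    if [ "$count" -eq 0 ]; then
        # No split-include list means the gateway takes the default route.
        echo "FLAG full tunnel: default route goes via ${TUNDEV:-?}"
        findings=1
    fi
    i=0
    while [ "$i" -lt "$count" ]; do
        # Indirect lookup; $i is a validated integer, the values are never re-evaluated.
        eval "addr=\${CISCO_SPLIT_INC_${i}_ADDR-}"
        eval "len=\${CISCO_SPLIT_INC_${i}_MASKLEN-}"
        case "$len" in
            ''|*[!0-9]*)
                echo "FLAG route $i ($addr): missing or non-numeric mask length"
                findings=1 ;;
            *)
                if [ "$len" -lt "$MIN_MASKLEN" ]; then
                    echo "FLAG route $i: $addr/$len is wider than /$MIN_MASKLEN"
                    findings=1
                else
                    echo "ok   route $i: $addr/$len"
                fi ;;
        esac
        i=$((i + 1))
    done
    return "$findings"
}

# When invoked as a vpnc-script hook, audit on the connect event only.
if [ "${reason:-}" = "connect" ]; then
    audit_routes || echo "routing policy violations found" >&2
fi
```
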
OpenConnect can be built to use either the GnuTLS or OpenSSL libraries for TLS, DTLS and cryptographic primitives.
Platforms
OpenConnect is available on Solaris, Linux, OpenBSD, FreeBSD, and macOS, and has graphical user interface clients for Windows,{{cite web|url = https://gitlab.com/openconnect/openconnect-gui |title = OpenConnect graphical client |publisher = GitLab |access-date=2023-01-23}} GNOME,{{cite web|url = https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/ | title=NetworkManager-openconnect |publisher= gnome.org |access-date=2020-01-27}} and KDE.{{cite web|url = https://userbase.kde.org/NetworkManagement |title = NetworkManagement |publisher = kde.org |access-date=2014-10-28}} A graphical client for OpenConnect is also available for Android devices,{{cite web |url = https://gitlab.com/openconnect/ics-openconnect |title = Android UI for OpenConnect VPN client |publisher = GitLab |access-date = 2023-01-23}}
and it has been integrated into router firmware packages such as OpenWrt.{{cite web|url = https://openwrt.org/docs/guide-user/services/vpn/overview#openconnect-based_vpn_solutions |title = VPN Overview |publisher = openwrt.org |access-date = 2018-03-15}}
OpenConnect VPN graphical client
The OpenConnect project provides clients for Windows{{Cite web |title=OpenConnect VPN graphical client |url=https://gui.openconnect-vpn.net |access-date=2024-10-16 |website=OpenConnect VPN graphical client |language=en}} and macOS{{Citation needed|date=October 2024}}.
Server
The OpenConnect project also offers a Cisco AnyConnect-compatible server, ocserv ([https://ocserv.gitlab.io/www/ OpenConnect VPN Server]), and thus offers a full client-server VPN solution.
OpenConnect and ocserv now implement an extended version of the Cisco AnyConnect VPN protocol, which has been proposed as an Internet Standard.{{cite IETF | title = The OpenConnect VPN Protocol Version 1.2 | draft=draft-mavrogiannopoulos-openconnect-03 | author = N. Mavrogiannopoulos | date = October 2020 | publisher = IETF }} Both OpenConnect and ocserv strive to maintain backwards-compatibility with Cisco AnyConnect servers and clients.
Notable uses
OpenConnect's implementation of the Cisco AnyConnect protocol is sufficiently complete that some of Cisco's own IP phone devices embed a very old release of OpenConnect{{cite web|url=https://gitlab.com/openconnect/ocserv/-/issues/51#note_322138534|title=ocserv issues #51}} in order to connect to Cisco SSL VPNs.{{cite web|url=https://ocserv.gitlab.io/www/recipes-ocserv-ip-phone.html|title=Recipe: VoIP network with ocserv|author=Nikos Mavrogiannopoulos}}{{cite web|url=https://www.cisco.com/c/dam/en/us/td/docs/general/warranty/osln_525g.pdf|title=Open Source License Notices for the SPA525G|publisher=Cisco}}
References
{{Reflist}}
External links
- [https://www.infradead.org/openconnect OpenConnect project homepage]
- https://wiki.archlinux.org/title/OpenConnect
{{VPN}}
{{DEFAULTSORT:Openconnect}}
Category:Free security software