VPN Cisco RV340 VPN Project and Cisco VPN in same time. An Cisco's AnyConnect SSL VPN — for that problems as a dhcp client from target' - Super on OpenWRT 'no response client OpenWRT as Vpn Client 2020:: These switches connect directly PPTP VPN client with Battery, OpenVPN Client, I'm User vpn. VPN client compatible with Cisco AnyConnect SSL VPN. Home Features Getting Started Mailing List / Help Contribute Protocols VPN Server. OpenConnect VPN client. Feature list Running as non-root user GUI Character sets One Time Passwords Smart Cards / PKCS#11 Trusted Platform Module (TPM). An openconnect VPN server (ocserv), which implements an improved version of the Cisco AnyConnect protocol, has also been written. OpenConnect is released under the GNU Lesser Public License, version 2.1. Recently need to work from home, gotta use Anyconnect VPN to visit some company internal resources.
Cisco-VPN-Client-v5.x, CiscoAnyConnectIpsecVPN Client, ShrewSoftVPN Clients, some GreenBow Clients and some branches with CiscoBranchRouters running EzVPNRemoteClient. Now a major part of these clients use aggressive-mode with psk and xauth. So iam kind of stuck with no options in the short-term to migrate to main-mode only access.
Original author(s) | David Woodhouse |
---|---|
Developer(s) | Daniel Lenski, Nikos Mavrogiannopoulos |
Initial release | March 18, 2009[1] |
Stable release | |
Repository | |
Type | VPN |
License | GNU LGPL v2.1[2] |
Website | www.infradead.org/openconnect/ |
OpenConnect is an open-source software application for connecting to virtual private networks (VPN), which implement secure point-to-point connections.
It was originally written as an open-source replacement for Cisco's proprietaryAnyConnect SSL VPN client,[3] which is supported by several Cisco routers.The OpenConnect client added support for Juniper Networks' SSL VPN in version 7.05,.[1] A fork then developed support for Palo Alto Networks' GlobalProtect VPN,[4] which was included in the version 8.00 release.[5]
As of 2013, the OpenConnect project also offers an AnyConnect-compatible server, ocserv,[6] and thus offers a full client-server VPN solution.
OpenConnect and ocserv now implement an extended version of the AnyConnect VPN protocol, which has been proposed as an Internet Standard.[7] Both OpenConnect and ocserv strive to maintain backwards-compatibility with Cisco AnyConnect servers and clients.
Cisco AnyConnect VPNs utilize TLS to authenticate and configure routing, then DTLS to efficiently encrypt and transport the tunneled VPN traffic,[8][9] and can fall back to TLS-based transport where firewalls block UDP-based traffic. The DTLS protocol used by Cisco AnyConnect servers was based on a non-standard, pre-release draft of DTLS 1.0, until support for the DTLS 1.2 standard was added in 2018.[9][10]
OpenConnect's implementation of the AnyConnect protocol is sufficiently complete that some of Cisco's own IP phone devices embed a very old release of OpenConnect[11] (rather than Cisco's own proprietary software) in order to be able to connect to Cisco SSL VPNs.[12][13]
Cisco's proprietary AnyConnect clients and servers were originally built against a patched, 2007 release of OpenSSL 0.9.8f,[14] which implemented a pre-release version of DTLS that was not compatible with DTLS 1.0 as standardized in RFC 4347. Because of this, it was difficult to make OpenConnect implement a Cisco-compatible version of DTLS without linking against OpenSSL.
Explicit support for Cisco's non-standard version of DTLS was included in OpenSSL 0.9.8m (where it is known as DTLS1_BAD_VER
) and then GnuTLS 3.2.1 (where it is known as GNUTLS_DTLS0_9
).[15] Newer versions of Cisco's AnyConnect clients and servers support DTLS 1.2 in its standardized on-the-wire form (RFC 6347), though they continue to use a non-standard mechanism (based on session resumption) for DTLS key exchange.[7]
Modern versions of OpenConnect can be built to use either the GnuTLS or OpenSSL for TLS, DTLS, and cryptographic primitives.
The OpenConnect client also implements Juniper, Junos Pulse, and GlobalProtect VPN protocols. These have a very similar structure to the AnyConnect protocol: they authenticate and configure routing over TLS, except that they use ESP for efficient, encrypted transport of tunneled traffic (instead of DTLS), but they too can fall back to TLS-based transport.As of May 2020, support for several PPP-based protocols is in development.[16]
The OpenConnect client is written primarily in C, and it contains much of the infrastructure necessary to add additional VPN protocols operating in a similar flow, and to connect to them via a common user interface:[17]
OpenConnect can be built to use either the GnuTLS or OpenSSL libraries for TLS, DTLS and cryptographic primitives.
OpenConnect is available on Solaris, Linux, OpenBSD, FreeBSD, MacOS, and has graphical user interface clients for Windows,[18]GNOME,[19] and KDE.[20] A graphical client for OpenConnect is also available for Android devices,[21]and it has been integrated into router firmware packages such as OpenWrt.[22]
Cisco AnyConnect is a Cisco implementation of the thick client. Because the SSL VPN network extension runs on top of the SSL protocol, it is simpler to manage and has greater robustness with different network topologies such as firewalls and Network Address Translation (NAT) than the higher security of IPsec.
Some useful usage information.