OpenConnect

OpenConnect is a cross-platform multi-protocol SSL VPN client which supports a number of VPN protocols:

OpenConnect is not officially supported by, or associated in any way with Cisco Systems, Juniper Networks, Pulse Secure, Palo Alto Networks, F5, or Fortinet, or any of the companies whose protocols we may support in the future. It just happens to interoperate with their equipment. Trademarks belong to their owners in a rather tautological and obvious fashion.

An openconnect VPN server (ocserv), which implements an improved version of the Cisco AnyConnect protocol, has also been written.

OpenConnect is released under the GNU Lesser Public License, version 2.1.

Motivation

Development of OpenConnect was started after a trial of the Cisco AnyConnect client under Linux found it to have many deficiencies:

Naturally, OpenConnect addresses all of the above issues, and more.

New protocols

Adding new protocols to OpenConnect is relatively simple, and additional protocols have been added over the years. Using OpenConnect allows a developer to concentrate on the protocol itself, because most of the boring details of platform-specific tunnel management, IP configuration, and handling of client SSL certificates are already resolved.

If you have a protocol which you think it makes sense to support in OpenConnect, especially if you are able to help with interoperability testing, please file an issue in GitLab.

Consistent multi-protocol support

Wherever possible, OpenConnect presents a uniform API and command-line interface to each of these VPNs. For example, openconnect --force-dpd=10 will attempt dead peer detection every 10 seconds on every VPN that supports it, even though the actual mechanism used may be protocol-specific. Protocol-specific features and deficiencies are described on the individual protocol pages.