Jun 10, 2020 The OpenConnect VPN server, also called ocserv, is an open implementation of the Cisco AnyConnect VPN protocol, which is widely used in companies and universities. AnyConnect is an SSL-based VPN protocol that enables individual users to connect to an external network. Why would you set up your own VPN server? What is left is to start the service and test a successful connection using the OpenConnect client or Cisco’s AnyConnect. An invalid (self-signed) certificate will be presented to the clients (which can be trusted manually) as no certificate has been installed yet.
Dec 07, 2020 OpenConnect (ocserv) is an open-source implementation of the Cisco AnyConnect VPN protocol.

Ocserv Cisco Anyconnect

This video shows how to install and configure OpenConnect Se. OpenConnect VPN server (ocserv) is a VPN server compatible with the OpenConnect VPN client. It follows the AnyConnect VPN protocol, which is used by several Cisco routers.
Ocserv Anyconnect Login
Is there a way to have the latest Cisco AnyConnect 4.6 clients use
ocserv with a stronger DTLS cipher than the default RSA_AES_128_SHA1?
When the same version of AnyConnect connects to an ASA the DTLS cipher
shows as DHE_RSA_AES256_SHA, which GnuTLS 3.5.18 on my ocserv box should
also support. I have tried playing around with the
cisco-client-compat/dtls-legacy/dtls-psk/match-tls-dtls-ciphers config
options, but understand some of those are mutually exclusive.
I plan to force TCP and TLS1.2 with GCM ciphers for most AnyConnect
clients with ocserv which works fine, but would like to support the
'best DTLS possible' (or at least match the ASA cipher) for a few
cases where TCP file transfer throughput through AnyConnect is
important (seeing about 3x throughput via DTLS).
`occtl show user` with ocserv 0.12.1 and AnyConnect 4.6.01103:
TLS ciphersuite: (TLS1.2)-(ECDHE-RSA-SECP521R1)-(AES-256-GCM)
DTLS cipher: (DTLS0.9)-(RSA)-(AES-128-CBC)-(SHA1)
Thanks in advance!
