Openconnect Cisco



Use of AnyConnect with non-Cisco VPN equipment is strictly prohibited by our license agreement.

I am aware of other workarounds, such as 'RunAsTool', that can eliminate this issue. However, it would be very nice if Openconnect-GUI could work for unprivileged users, just like Cisco Anyconnect or Viscosity VPN client.

OpenConnect SSL VPN software was created to allow remote users and employees to securely connect to a Cisco, Juniper or Palo Alto SSL VPN gateway running in an enterprise environment from Linux systems.

DESCRIPTION

The program openconnect connects to Cisco 'AnyConnect' VPN servers, which use standard TLS and DTLS protocols for data transport. The connection happens in two phases. First there is a simple HTTPS connection over which the user authenticates somehow - by using a certificate, or password or SecurID, etc.

OpenConnect supports running the CSD binary, or spoofing its behaviour, by passing the --csd-wrapper=SCRIPT argument with a shell script. The OpenConnect distribution includes two alternative scripts to support the execution or spoofing of the CSD behaviour, in the trojans/ subdirectory.

Hi, does Cisco ASA support VPN connection from Openconnect client? I have a very simple configuration and everything seems OK 'Device completed SSL handshake with client outside:X.X.X.X/9553 to X.X.X.X/443 for TLSv1.2 session', but the next message is 'SSL session with client outside:X.X.X.X/9553 to.

Introduction


OpenConnect is an SSL VPN client initially created to support Cisco’s AnyConnect SSL VPN. It has since been ported to support the Juniper SSL VPN, which is now known as Pulse Connect Secure. Palo Alto’s GlobalProtect will also be supported in the future, as will, of course, OpenConnect’s own server.

Step 1 - Installation

Go to System ‣ Firmware ‣ Plugins and search for os-openconnect. Install the plugin as usual, refresh the page, and you’ll find the client via VPN ‣ OpenConnect.

Step 2 - Setup

The setup of the client is very simple. Just tick Enable and fill out VPN Server, Username and Password. Be sure that the FQDN matches the name in the certificate or you will receive an error. Wildcard certificates can also produce errors.

Once enabled, a new interface will be available for specifying firewall rules; Firewall ‣ Rules ‣ OpenConnect will appear.


Step 3 - Troubleshoot problems


To troubleshoot connection problems, it’s best to log in via CLI and start OpenConnect manually:

# /usr/local/etc/rc.d/opnsense-openconnect start


Look out for errors like:


To trust this server in future, perhaps add this to your command line:
    --servercert sha256:9f97a3395d18093a14f0d8e768dabee231af34d9ba35432dfe838d58dd633333


Now the Certificate Hash field comes into play: insert the string above, without the hash size, into that field, and set the hash size in the Certificate Hash Type field.
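
The split described in this step, as an added example that is not part of the original documentation: a shell function that reads openconnect's output, extracts the suggested pin, checks that the hex length fits the hash type, and prints the two values for the Certificate Hash Type and Certificate Hash fields. The function name `extract_pin` and the sample output text are assumptions; the hash is the one shown above.

```shell
#!/bin/sh
# Added example: turn openconnect's "--servercert TYPE:HASH" hint into the
# two values the plugin form asks for. extract_pin is a hypothetical helper.

# Reads openconnect output on stdin, prints "<type> <hash>" for the pin.
# Returns 1 if no pin is present, the type is not a hex hash type handled
# here, or the hash was truncated or padded while copying.
extract_pin() {
    pin=$(sed -n 's/.*--servercert[ =]*\([A-Za-z0-9]*\):\([0-9A-Fa-f]*\).*/\1 \2/p' | head -n 1)
    [ -n "$pin" ] || return 1
    type=$(printf '%s' "${pin%% *}" | tr 'A-Z' 'a-z')
    hash=$(printf '%s' "${pin#* }" | tr 'A-F' 'a-f')
    case "$type" in
        sha1)   want=40 ;;   # 160 bits as hex digits
        sha256) want=64 ;;   # 256 bits as hex digits
        *)      return 1 ;;
    esac
    [ "${#hash}" -eq "$want" ] || return 1
    printf '%s %s\n' "$type" "$hash"
}

# Constructed sample input: the hint line from this page, preceded by a
# made-up error line standing in for the rest of the output.
SAMPLE_OUTPUT='Certificate validation failed (constructed sample line)
To trust this server in future, perhaps add this to your command line:
    --servercert sha256:9f97a3395d18093a14f0d8e768dabee231af34d9ba35432dfe838d58dd633333'

if result=$(printf '%s\n' "$SAMPLE_OUTPUT" | extract_pin); then
    echo "Certificate Hash Type: ${result%% *}"
    echo "Certificate Hash:      ${result#* }"
else
    echo "no usable --servercert pin found" >&2
fi
```

Compare the printed hash with the certificate you expect the VPN server to present before saving it, since pinning a hash taken from an unverified connection trusts whatever answered.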