Anyconnect Open Source

VPN client compatible with Cisco AnyConnect SSL VPN. Home Features Getting Started Mailing List / Help Contribute Protocols VPN Server. OpenConnect VPN client. Pros: The company I used to work for, a very large company with thousands of employees around the world, had us use Cisco AnyConnect to connect to our enterprise networks whenever we were working from home or on a business trip. Our laptops would come pre-installed with the software and it seemed to integrate with the enterprise login system.

Anyconnect Open Source Download
Anyconnect Open Source Free

By @sskaje
Link: https://sskaje.me/2014/06/openconnect-public-key-authentication/

Here are old articles about OpenConnect, the open source AnyConnect server:
OpenConnect on Ubuntu
Open Connect Server Configuration (Working for iOS)
Cisco AnyConnect Client for OS X/Windows/Linux (Version 3.1.05160)

This time, OCServ 0.80 on Ubuntu 14.04.
And still doesn’t work for OS X.

I was using password based authentication, but clients on iOS can not remember my password.
So now add some configurations based on “Open Connect Server Configuration (Working for iOS)“.

Create Client Certificates

Just follow the manual: http://www.infradead.org/ocserv/manual.html.
If you already have a CA based on openssl, I have another article: Generate Certificate with GnuTLS and Sign with OpenSSL.

Here is my user.tmpl:

</div><table><tbody><tr><td><div><div>2</div><div>4</div><div>6</div></div></td><td><div><div><span>unit</span><span>=</span><span>'vpn'</span></div><div><span>expiration_days</span><span>=</span><span>365</span></div><div><span>tls_www_client</span></div></div></td></tr></tbody></table><p>After the pkcs12 is created like ‘Create Client Config’ in “iOS IPSec VPN Server on Ubuntu“, the mobileconfig should be also created.<br />Remember to leave the ‘<strong>Account</strong>‘ and ‘<strong>Group</strong>‘ BLANK in the <strong>VPN</strong> page.</p><h2>Update config</h2><p>Copy a new sample.config from source, edit it following Open Connect Server Configuration (Working for iOS)</p><img src='https://qph.fs.quoracdn.net/main-qimg-39ee3ad05edaeecde96bddaed1b5caf7' alt='Open' title='Open' /><p>Now comes the certificate authentication related changes:</p><h3>auth</h3><div><textarea wrap='soft' readonly='># User authentication method. Could be set multiple times and in that case # all should succeed. # Options: certificate, pam. auth = 'certificate' #auth = 'plain[/opt/ocserv/etc/passwd]' #auth = 'pam'

# User authentication method. Could be set multiple times and in that case

# Options: certificate, pam.

#auth = 'plain[/opt/ocserv/etc/passwd]'

I tried to use both certificate and plain, but failed.
Just keep the certificate one.

server-cert & server-key

You can add your own certificate or get it somewhere like startssl.com.
I got my certificates from startssl.com, class 1, I got three files: ca.pem, sub.class1.server.ca.pem, and my own ssl.crt:

Cisco anyconnect open source alternative

<p>Encrypted private key would result:</p><div><textarea wrap='soft' readonly='>Jun 19 03:59:08 sskaje ocserv[11731]: GnuTLS error (at sec-mod.c:498): Decryption has failed.