Here is the openconnect page: http://www.infradead.org/openconnect/
They list some shortcomings of the AnyConnect client as reasons for creating openconnect, but I don't know if those reasons have since been addressed by AnyConnect or if they even matter to you.
I was pretty disappointed by the news as well, but I found that openconnect works.
openconnect vpn.library.ucdavis.edu --juniper --cafile <path to file> -u <kerberos id>
As an alternative to AnyConnect, there is http://www.infradead.org/openconnect/. As far as I know, Cisco's solution is not compatible with OpenVPN, etc.
It worked quite well for me when I had to work in a home office because of Covid-19.
Cisco's proprietary TLS-based AnyConnect can optionally use a client. A compatible open-source implementation is OpenConnect.
An open-source client for Cisco's older IPsec VPN, which unlike AnyConnect is not licensed by simultaneous user, is vpnc, which is now included in most Linux distribution repos.
Me and the rest of the Linux users at my office gave up on using the official client and switched to an unofficial one years ago: http://www.infradead.org/openconnect/
I dunno if the official client has improved since then, but I don't think I've ever gotten it working on Debian without some sort of hackjob. I don't think my coworkers running other distros have had any better luck either.
The official client will work if you sacrifice a goat to it, but if you can use openconnect I would recommend doing so.
Did you try OpenConnect? http://www.infradead.org/openconnect/
Generally speaking from past experience it takes Cisco a while to update their VPN clients when a new version of Windows releases. You may have to wait.
Check out openconnect (http://www.infradead.org/openconnect/). I've used it for a long while from Linux to connect to Cisco VPNs. With the right scripting/aliasing, you can have it all as easy as just a one-word command.
> … BUT when I try to use …
Don't use the official GlobalProtect client. It's terrible. Even more terrible than most proprietary VPN clients, which are all terrible, because they all focus on making the IT department happy rather than the end users.
Use OpenConnect v8.00, or one of its graphical clients, which supports the GlobalProtect protocol in addition to others.
(Disclosure: I wrote the GlobalProtect support in OpenConnect out of frustration with the aforementioned terribleness.)
GlobalProtect has been merged upstream into the official OpenConnect as of v8.00.
If you are using Okta, you still need to use an external script to do the Okta authentication flow. Probably start with this one: https://github.com/nicklan/pan-globalprotect-okta/
(I developed the GlobalProtect support in OpenConnect. I would love to make the Okta support simpler, but I have no access to a VPN with Okta myself, so no way to test it.)
> Without backend changes is there a way to use the Cisco AnyConnect client to connect to the GlobalProtect VPN and then continue authentication via Okta?
No. Cisco AnyConnect and GlobalProtect use completely different protocols.
However… you can use openconnect or one of its graphical clients. OpenConnect supports the GlobalProtect protocols (as well as AnyConnect and Juniper protocols) as of the recently released v8.00.
Source: I wrote the whole GlobalProtect protocol support. :-P
GlobalProtect's official Linux client sucks.
Use OpenConnect instead. GlobalProtect will be supported in the official 8.0 release, and pre-release versions already support it:
Cisco has some more-or-less proprietary protocols but they are not terribly common and at least sometimes not closed. For example, I think Cisco invented DMVPN, but an open-source implementation of the NHRP protocol component is available. I think EIGRP has been implemented by third parties, but in any event it's not terribly common compared to OSPF, IS-IS, and iBGP. "AnyConnect" (TLS-based VPN) has been implemented successfully by the open-source OpenConnect. NetFlow has been supplanted by sFlow and IPFIX. VRRP and CARP aren't interoperable with HSRP, but perform the same functions.
No other proprietary protocols come to mind for Cisco, and I'm not aware of any current interoperability challenges of note.
Some solid recommendations, I'll especially check out passbolt!
> Rockstor is a NAS server at its core, however it's so so much more than that.
>
> Utilizing BTRFS ...
I wouldn't trust that yet tbh, BTRFS is experimental, certainly the RAID features. While it might be more flexible in some ways than a ZFS-based solution, for reliability I'd stick with the latter (something like freenas or a simple Ubuntu 16.04 LTS box, which is what I use)
For VPN, while OpenVPN is the easiest, I don't really like it. Look into OpenConnect, an open-source implementation of both the Cisco VPN server and client (officially, for legal reasons, they never state this). Not that easy to set up though.
For 2fa token-management, we use the open-source PrivacyIdea and wrote a small radius bridge in Python for our VPN client to handle this.
That can depend on a lot of factors, but to simplify, do you have a permanent residence with internet access or know somebody with a permanent residence and internet access in whatever region you're trying to get a local feed from? If so, you can set up something like OpenConnect (server on the "local" end, your clients can be Android, OpenWRT/Portable Router, or a laptop running your OS of choice). This is free.
You can do a similar thing with a VPS, but you'd have to get lucky/research quite a bit before you found a company that had servers peering on the proper network/region. This costs money as well.
Edit: You may also get more traction/knowledgeable answers over at /r/vpn as well.
Every Windows Domain in the world. Every Apple iPhone, iPod, iPad. Almost all proprietary commercial stuff exists to be anticompetitive.
Oh and there's always stuff like this: http://www.infradead.org/openconnect/
But hey, what do I know, I've only been doing this for more than a decade. I just think /r/networking drinks the kool-aid a bit too much.
http://www.infradead.org/openconnect/index.html
However, the AnyConnect client doesn't inherently have issues connecting to different systems unless the policy of one is going to conflict with the other. Depending on how much the OpenConnect client implements the policy enforcement features, you may be out of luck either way. You may need to write some simple scripts to manage the AnyConnect files.
You might have done that, but help me understand: Can you start the connection from the command line? Just invoke the vpnc command?
Also, are you sure that your workplace VPN does not support Cisco SSL VPN? In the latter case, openconnect-networkmanager works like a charm.
Or, try to connect to the vpnc server via openconnect, never tried but I guess there should be a way. Much of the client side config should be the same, according to linked guide.