ocserv (also known as OpenConnect server) is an open source command-line OpenConnect VPN (Virtual Private Network) solution powered by SSL (Secure Sockets Layer). It implements the AnyConnect SSL VPN protocol and is designed to work on any GNU/Linux server. The software is secure, configurable, portable, fast, small, and depends on standard protocols, such as Datagram TLS and TLS 1.2.
Features at a glance
Key features include full compatibility with the OpenConnect VPN client, experimental support for other AnyConnect SSL VPN clients, and the ability to allow VPN users to authenticate using a certificate, a password authentication method or any combination of these two methods. Each authenticated user is automatically assigned an unprivileged worker process, along with a networking (tun) device and an IP address from a configurable pool of addresses.
Among other interesting features, we can mention a management interface that allows you to monitor logged-in users, support for TCP wrappers, support for both IPv4 and IPv6 network protocols, support for route pushing, and support for storing the server key in a TPM (Trusted Platform Module), on a smart card or on an HSM (Hardware Security Module). Another interesting feature is that it offers no support for compression (see the project’s homepage for more details).
Supports two concurrent VPN channels
It provides a dual UDP/TCP VPN channel and makes use of the standard IETF (Internet Engineering Task Force) security protocol to keep it protected at all times. It also uses privilege separation, sandboxing, resilience and accounting to secure the OpenConnect SSL VPN channel.
Under the hood and availability
The program is written entirely in the C programming language and runs in a console/terminal environment, which means that it features no graphical user interface (GUI). It is available for download as a universal source archive, installable on any GNU/Linux operating system that supports the 32-bit and 64-bit architectures. Users can also install it from the default software repositories of their Linux distribution.