OpenConnect VPN integration with NoTouch

OpenConnect VPN and the required certificates can be provisioned and managed centrally to securely connect to Cisco, Pulse, Palo Alto, and F5 VPNs.

OpenConnect is an open source VPN client that was created as an alternative to Cisco's AnyConnect SSL VPN. It now also supports Pulse Connect Secure (formerly Juniper SSL VPN) and Palo Alto Networks GlobalProtect SSL VPN.

The OpenConnect functionality is part of the "Client VPN" (VPN) upgrade package and license. It was added in NoTouch OS 2.40.4306.

Do not confuse OpenConnect and OpenVPN. OpenConnect is intended for Cisco, Pulse/Juniper and Palo Alto VPN products, whereas OpenVPN is a different open source solution. Both options are supported by NoTouch OS.

OpenConnect configuration


You will find the relevant parameters in the Services->OpenConnect section. Only a few parameters need to be set.

  • Start OpenVPN. The master switch to turn OpenConnect on or off.
  • VPN URL. URL of the VPN service to connect to.
  • CA certificate. The root certificate of your VPN service. Simply enter the file name, assuming it has been distributed via Certificates.
  • Client certificate. This machine's client certificate. Simply enter the file name, assuming it has been distributed via Certificates.
  • Client certificate key. The private key of this machine's client certificate. Simply enter the file name, assuming it has been distributed via Certificates.
  • Client certificate password. The password for the client certificate's private key, if any.
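
A mismatched CA certificate, client certificate, key or password only shows up as a failed connection on the endpoint, so it is worth checking the set before distributing it. The script below is an added example, not part of NoTouch OS or OpenConnect; it assumes PEM-encoded files and the openssl command line tool, and the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example: consistency check for the CA certificate, client certificate
# and client key before distribution. Assumes PEM files and the openssl CLI;
# function and file names are hypothetical.

# check_vpn_cert_set CA CERT KEY [PASSWORD]
# 0 = consistent, 1 = cert does not chain to CA, 2 = cert or key unreadable
# (e.g. wrong password), 3 = key does not match cert, 4 = cert expires soon.
check_vpn_cert_set() {
    ca=$1 cert=$2 key=$3 pass=${4:-}
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || {
        echo "FAIL: $cert does not chain to $ca" >&2; return 1; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    # Hand the key password over via the environment, not argv, so it does
    # not appear in the process list.
    key_pub=$(VPN_KEY_PASS="$pass" openssl pkey -in "$key" \
        -passin env:VPN_KEY_PASS -pubout 2>/dev/null) || {
        echo "FAIL: cannot read $key (wrong password?)" >&2; return 2; }
    # Compare the public half of the key with the certificate's public key.
    [ "$cert_pub" = "$key_pub" ] || {
        echo "FAIL: $key is not the private key for $cert" >&2; return 3; }
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null || {
        echo "FAIL: $cert expires within 30 days" >&2; return 4; }
    echo "OK: $ca, $cert and $key are consistent"
}

# make_constructed_set DIR: throwaway CA, client cert and keys for a dry run.
# Everything it writes is constructed test data, not a real credential.
make_constructed_set() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=Constructed CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-client" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 90 -out "$d/client.pem" 2>/dev/null
    # Password-protected copy of the client key, for the password parameter.
    openssl pkey -in "$d/client.key" -aes256 -passout pass:constructed-pw \
        -out "$d/client.enc.key"
}

# Run as a script: sh check.sh ca.pem client.pem client.key [password]
if [ "$#" -ge 3 ]; then check_vpn_cert_set "$@"; fi
```

A non-zero exit code identifies which of the parameters above needs attention before the files are distributed.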

OpenConnect uses a sample vpnc-script that will probably work fine. If you experience routing issues, see: vpnc-script

Customization


The bundled OpenConnect software allows for much more detailed configuration. You can specify any command line option you like, for example those defined in the OpenConnect man page. Whatever you specify here will be used verbatim, so you need to familiarize yourself with the OpenConnect software's documentation.