What is OpenConnect?


Most internet users know that the best VPNs are a great way to stay safe online. By establishing a secure, encrypted tunnel between your ‘client’ device and the VPN server, your web traffic and IP address are protected from online snooping. 

This has its downsides though, as using proprietary software means you have to trust that the provider has put it together properly. With closed-source software there’s no way to be certain a bad actor hasn’t inserted malicious code into the app. It’s also harder to spot and fix security vulnerabilities.

That’s why using FOSS (free and open source software) for security applications is so important, and why we’ve been having some fun researching OpenConnect: a free and open source application for connecting to VPNs.

OpenConnect vs OpenVPN Connect

As confusing as it is, there’s also a VPN protocol named OpenVPN and even a software client called OpenVPN Connect.

Despite the similar naming, OpenConnect is an entirely separate program and doesn’t even support OpenVPN. 

It was originally developed as an improvement on Cisco’s proprietary “AnyConnect” protocol, which didn’t secure the connection with TLS or even allow using passwords. It also was only available for a limited number of platforms and could be tricky to install.

Since its development, it also now supports a number of other VPN protocols, including:

The bottom line is that if your chosen VPN provider supports one or more of these protocols, you’re in luck as you can connect via the OpenConnect client. Of course, since the software is ‘agnostic’, there’s no reason why you have to stick with one particular provider. So long as they support these protocols, you can store connection data for as many different VPN services (including free VPNs) as you wish. 

How to set up OpenConnect 

If you’ve a subscription with a VPN provider who supports OpenConnect like WorldVPN and want to use the OpenConnect client, the easiest way to get started is through using the GUI (graphical) version of the program.

Open up your browser and go to the OpenConnect GUI GitHub page. From there you can scroll down to find your installer of choice e.g. openconnect-gui-1.5.3-win32.exe. There’s also a GUI client for Mac.

(Linux users will have to content themselves with the command line version of OpenConnect but the developer’s website has an excellent guide on how to input basic commands.)


Once the download is complete, double click on the file to launch the installer. Your OS may ask for your permission to have the app make changes. Click “Next” to continue. You’ll also need to click “I agree” to the GPL (GNU General Public Licence). 

Select the radio button "Add openconnect-gui to the system PATH for current user" and optionally tick "Create openconnect-gui Desktop icon", then click "Next".

You’ll be asked to confirm your install location, then click “Install” to begin. Click “Finish” to exit setup and launch OpenConnect for the first time.

Configure your VPN for OpenConnect

On the first run, the OpenConnect window will open but you’ll need to enter the details of your VPN Provider to continue. Click “File” > “Profiles” > “New Profile”.  

In the new window that opens, click the Customize tickbox next to Name to give your VPN a user-friendly title e.g. WorldVPN1. In the Gateway field you should enter the VPN server address e.g. ca1.ocservvpn.com. Alternatively just enter its IP address.


Once you’ve entered this information click Save and Connect. The program will inform you you’re connecting for the first time. Click the Accurate Information button. This will let you enter your username and password. Click “OK” after each one. (If you’re not sure what these are, double check with your VPN provider).

Next click Connect. You should see a notification saying you’re connected to the VPN.

For the seriously security-conscious, you can double check you’re secure and not experiencing a DNS leak via your browser. Head over to a website like DNS leak test to check your public IP and to make sure your DNS requests aren’t still readable by bad actors.  
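A local cross-check of the same thing on Linux, as an added example that is not from the original article or the OpenConnect project: it flags configured DNS resolvers that would not be reached through the VPN interface. The interface name `tun0`, the sample `resolv.conf` and `ip route` text and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample inputs for a split-tunnel setup (not from a real system).
RESOLV_CONF = """\
nameserver 10.10.0.1
nameserver 192.168.1.1
nameserver 127.0.0.53
"""
IP_ROUTE = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.10.0.0/16 dev tun0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
"""

def parse_nameservers(text):
    """Return resolver addresses from resolv.conf-style text."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [ipaddress.ip_address(f[1]) for f in rows
            if len(f) >= 2 and f[0] == "nameserver"]

def parse_routes(text):
    """Return (network, device) pairs from IPv4 `ip route`-style text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # e.g. "unreachable ..." lines
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_device(ip, routes):
    """Longest-prefix match; metrics and policy routing are ignored."""
    hits = [(net.prefixlen, dev) for net, dev in routes
            if net.version == ip.version and ip in net]
    return max(hits)[1] if hits else None

def find_dns_leaks(resolv_text, route_text, tunnel_dev="tun0"):
    """List (resolver, reason) for resolvers not reached through the tunnel."""
    routes, leaks = parse_routes(route_text), []
    for ip in parse_nameservers(resolv_text):
        if ip.is_loopback:  # local stub: check its upstream servers separately
            leaks.append((str(ip), "local stub, upstream unknown"))
        elif (dev := egress_device(ip, routes)) != tunnel_dev:
            leaks.append((str(ip), f"routed via {dev or 'no matching route'}"))
    return leaks
```

On a live system, pass the contents of `/etc/resolv.conf` and the output of `ip route` to `find_dns_leaks`; an empty list means every configured resolver is routed through the tunnel interface.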


OpenConnect offerings 

There are some advantages to using OpenConnect over a regular VPN client. It frees you from the worry that using proprietary software leaves you vulnerable to hidden malware and security bugs.

Setup is also very easy relative to downloading the OpenVPN client as you don’t have to mess around with downloading additional configuration files and certificates. All you need is the web address of your VPN server, plus the username and password for certain protocols.

The command line version of OpenConnect is also very flexible, allowing you to specify root certificates. The client uses TLS, which is widely considered to be secure, for data encryption and authentication, and it can be built to use the OpenSSL or GnuTLS libraries.

Being open source also means that OpenConnect is supported on a huge number of platforms, and in theory it can be compiled to work on any new operating system or device. This is a relief if you’re worried that one day your provider will stop providing software support for your particular system.

Issues with OpenConnect 

The main downside to OpenConnect is that it is primarily designed to support VPNs using protocols designed for use with Cisco and Palo Alto systems. There aren’t many of these and some of them don’t offer the best service.

In 2019 a security vulnerability was discovered in the OpenConnect Windows and Linux clients, which caused a user’s login ID and passwords to be stored in the system’s memory in ‘plaintext’, leaving them vulnerable to hackers. You can reduce the chance of someone taking control of your VPN account in this way by using two-factor authentication. Alternatively, consider using a VPN client that supports OpenVPN.

Nate Drake is a tech journalist specializing in cybersecurity and retro tech. He broke out from his cubicle at Apple 6 years ago and now spends his days sipping Earl Grey tea & writing elegant copy.