Configure the OpenConnect-GUI client towards Clavister NetWall

Last modified on 23 Aug, 2022. Revision 18
This is a quick start guide on how to configure and use the OpenConnect compatible OpenConnect-GUI client running under MacOS towards Clavister NetWall.
Up to date for
cOS Core 13.00.09
 
Supported since
cOS Core 13.00.09
Status OK
Author
Mattias Nordlund


What is OpenConnect-GUI?

OpenConnect-GUI is a third party client compatible with a OneConnect Interface in Clavister cOS Core. It can be found at https://openconnect.github.io/openconnect-gui/. OpenConnect-GUI can be downloaded as pre-compiled binaries for both Windows and macOS. As for Linux and other Unix-like operating systems, it can be compiled from source or installed via the OS package manager. The MacOS interface is used as an example below but Windows is configured similarly.

Configuring OpenConnect-GUI

Start OpenConnect-GUI. The example below shows the client running under macOS. Click the cogwheel and select New profile.

As Gateway enter the full url (for example https://myvpn.mydomain.tld) as configured in the OneConnect interface in cOS Core (hostname and server port if not 443) and click Save & Connect, Name is optional and will default to the same as Gateway if left blank.

Note: The hostname entered as Gateway must be the same as either the Common Name (CN) or one of the Subject Alternative Name (SAN) of the certificate used by the OneConnect Interface in cOS Core. 

On initial connection, a pop-up to verify server certificate will appear. Click Show Details… to verify certificate. If everything looks okay, click Accurate information to proceed with the connection attempt.

A pop-up to enter a username will be forwarded from cOS Core. If the connection is successful the username will be saved in the OpenConnect-GUI profile and will not be requested on subsequent connection attempts.

A separate pop-up for the password will be presented to the user.

The pad-lock in OpenConnect-GUI will turn green when successfully connected.

On the VPN Info tab detailed information about the SSL VPN tunnel can be seen, such as assigned IP, ciphers in use and if DTLS is active. 

Related articles

Configuring L2TP/IPsec Server using PSK
11 Jan, 2023 ipsec core vpn
Roaming IKEv2 tunnel setup in cOS Core with XCA CA and FreeRADIUS
10 Mar, 2023 core vpn ikev2 windows radius certificate
cOS Core IKEv2 split tunneling with Windows and local user database.
28 Mar, 2023 ikev2 windows vpn routing splittunneling
Configuring public certificates in NetWall firewalls
18 Mar, 2024 core certificate oneconnect ipsec vpn
Certificate update in InControl global domain on certificate that is used on firewall(s)
18 Mar, 2024 core incontrol certificate oneconnect ipsec vpn
Configure Linux OpenConnect towards Clavister NetWall
5 Mar, 2021 sslvpn openconnect oneconnect linux core
Split tunneling in cOS Core with Windows L2TP/IPsec clients
29 Mar, 2023 ipsec core windows vpn l2tp
Roaming Windows IKEv2 setup with NetWall as CA server
22 May, 2024 netwall ikev2 windows certificate vpn core