Clavister (Classic) SSL VPN vs OneConnect (OpenConnect based) SSL VPN

Last modified on 3 Jun, 2022. Revision 45
With the introduction of the OneConnect specific server in 13.00.09 there could be a bit of a confusion what is supported by each protocol.
Up to date for
cOS Core 14.00.04
Status OK
Mattias Nordlund

Below is a table describing the differences between the two available SSL VPN Servers in Clavister NetWall.

OneConnect ServerSSL VPN Server
Protocol Features 
TLS (TCP) SupportYesYes
DTLS (UDP) SupportYesNo
ProtocolOpenConnectClavister Proprietary
Outer Transport ProtocolUDP, TCPTCP
Outer IP ProtocolIPv4, IPv6IPv4
Inner IP ProtocolIPv4IPv4
Routing Features
Split Tunneling SupportYesYes (Windows client) / No (macOS Client)
Split Tunneling ConfigurationDynamically configured on the client by NetWall on every connection attempt, fully transparent for the user.Statically configured in SSL VPN configuration file downloadable from NetWall SSL VPN Portal. Any changes require the end user to re-download and re-apply the configuration file.
Number of Routes325
Largest SubnetNo limitation/24
Client Support
Support for 3rd Party ClientsYesNo
Clavister Client Versions
  • OneConnect 3.0 or later
  • Up to OneConnect Classic SSL VPN 2.x for Windows
  • Up to OneConnect Classic 2.x for macOS
Operating Systems Supported by Clavister Clients
  • Android 9 or later
  • iOS 14.1 or later
  • iPadOS 14.1 or later
  • macOS 11.00 (Big Sur) or later
  • Windows 10 or later
  • macOS 10.12 (Sierra) or later
  • Windows 7, 8 and 10
Support for Deep LinksYes, for easy deployment of configuration profilesNo
Support for DNS search suffixesYesNo
Support for URL redirect after connection (SSO Portal from EasyAccess)YesYes
Support for HTTP proxy settingsYes, using Auto Proxy URL to WPAD file.No
Support for VPN on Demand Rules on macOS/iOS/iPadOSYes, per profile, power user setting enabled in PreferencesNo
NetWall Firmware Versions
Supported FromcOS Core 13.00.09CorePlus 9.20.00

Related articles

Brian Smart Search (Beta)
15 Jan, 2024 dictionary troubleshoot core stream incontrol incenter oneconnect cloudservice
Configure Clavister OneConnect using deep links
13 Jun, 2022 oneconnect macos ios windows android
Configure Clavister OneConnect for macOS, iOS and iPadOS towards NetWall
28 Apr, 2023 openconnect oneconnect macos ios iphone
Configuring public certificates in NetWall firewalls
18 Mar, 2024 core certificate oneconnect ipsec vpn
Configure the Android OpenConnect client towards Clavister NetWall
23 Aug, 2022 sslvpn openconnect oneconnect android core
Configure Clavister OneConnect for Windows towards Clavister NetWall
29 Oct, 2021 sslvpn openconnect oneconnect windows
Lets Encrypt - error 9814 - chain had an expired certs
13 Oct, 2021 oneconnect macos openconnect ios
Certificate update in InControl global domain on certificate that is used on firewall(s)
18 Mar, 2024 core incontrol certificate oneconnect ipsec vpn
Configure Linux OpenConnect towards Clavister NetWall
5 Mar, 2021 sslvpn openconnect oneconnect linux core
Configuring SSL-VPN / OneConnect server on secondary Firewall IP address
8 Apr, 2021 core sslvpn oneconnect interfaces arp
OneConnect VPN certificate not trusted
18 Mar, 2024 onetouch sslvpn oneconnect troubleshoot certificate
Install OneConnect without Microsoft store
25 Feb, 2022 oneconnect windows howto
Howto - Userbased rules
27 Feb, 2024 oneconnect userbased core
Changing the certificate used by the OneConnect client/server
28 Nov, 2022 core configuration oneconnect
Changing the certificate used by cOS Core's SSL VPN client/server
25 Nov, 2022 core configuration sslvpn management
Clavister OneConnect server using cOS Core as CA Server
11 May, 2023 oneconnect certificate howto
Background apps premission
4 Jun, 2024 oneconnect windows
Configure the OpenConnect-GUI client towards Clavister NetWall
23 Aug, 2022 sslvpn openconnect oneconnect macos windows linux core