https://wiki.nixos.org/w/index.php?action=history&feed=atom&title=OpenConnect 2026-05-30T13:42:40Z Revision history for this page on the wiki MediaWiki 1.45.1 https://wiki.nixos.org/w/index.php?title=OpenConnect&diff=32122&oldid=prev 2026-05-30T09:20:22Z

<p>Initial page</p> <p><b>New page</b></p><div>[https://www.infradead.org/openconnect/ OpenConnect] is a free, open‑source client‑to‑site VPN that works with many commercial SSL‑VPN gateways, such as Cisco AnyConnect, Palo Alto GlobalProtect, Pulse Secure (including Pulse Connect Secure), Juniper Network Connect, Fortinet, F5 and Array Networks.<br /> <br /> == Setup ==<br /> Following example configures a permanent VPN connection using OpenConnect using the protocol &lt;code&gt;anyconnect&lt;/code&gt;.&lt;syntaxhighlight lang=&quot;nix&quot;&gt;<br /> openconnect.interfaces.myvpn = {<br /> gateway = &quot;vpn-ac.uni-heidelberg.de/2fa&quot;;<br /> protocol = &quot;anyconnect&quot;;<br /> user = &quot;myuser&quot;;<br /> passwordFile = &quot;/etc/secrets/openconnect-secret&quot;;<br /> extraOptions = {<br /> useragent = &quot;AnyConnect&quot;;<br /> non-inter = true;<br /> };<br /> };<br /> &lt;/syntaxhighlight&gt;Further you can also provide TOTP secrets for two-factor-authentications (which should be &lt;u&gt;avoided in production&lt;/u&gt; environments since it decreases the security concept drastically) and use &lt;code&gt;vpn-slice&lt;/code&gt; to achieve split tunneling instead of routing all traffic through the VPN gateway.&lt;syntaxhighlight lang=&quot;nix&quot;&gt;<br /> openconnect.interfaces.myvpn = {<br /> [...]<br /> extraOptions = {<br /> token-mode = &quot;totp&quot;;<br /> token-secret = &quot;base32:ABC123&quot;;<br /> script = &quot;${pkgs.vpn-slice}/bin/vpn-slice 129.206.0.0/16&quot;;<br /> };<br /> };<br /> &lt;/syntaxhighlight&gt;<br /> <br /> [[Category:Networking]]<br /> [[Category:VPN]]</div>

Onny