OpenConnect VPN Server

Engine for secure and scalable VPN infrastructure


The OpenConnect VPN server (ocserv) is an open source Linux SSL VPN server designed for organizations that require a remote access VPN with enterprise user management and control.
[Deploy on your platform] [Download the source code]
OpenConnect

Enterprise grade security

Scalability

Enterprise authentication and accounting

The OpenConnect VPN server is designed for privacy, protecting the clients from accessing each others data using strict isolation and privilege separation. It secures the VPN channels using only standard protocols like TLS and Datagram TLS and prevents the leakage of cryptographic keys with Hardware Security Modules (HSMs). Public clouds today provide access to immense processing power by high-end CPUs as well as low-power and low-cost CPUs. Ocserv is designed to take advantage of that, and its performance and ability to serve clients scales linearly with number of CPUs. It has very low memory footprint to ensure that limited in memory and thus cheaper hosts can provide the necessary resources to handle thousands of clients. The server's authentication module can operate using a simple password file, to authentication methods that integrate with your organization's setup, such as Radius, OpenID Connect, Kerberos, smart cards and combinations of them to enable two-factor authentication. It further enables you to obtain detailed accounting reports using Radius.
[See ocserv's features] [Read more about ocserv] [See ocserv's documentation]

Learn more about ocserv

Deploy ocserv

Manage ocserv

Getting help

There are various deployment scenarios of ocserv ranging from letsencrypt integration to FreeIPA and Radius integration. Learn how to deploy ocserv at our recipes section. Openconnect server provides a user management interface that allows you to query beyond server status, connected user information as well as monitor and issue commands to control users. All using the command line interface of 'occtl' tool; get output either to console or in JSON format. OpenConnect is a community project; get to know the community and ask for help.
[Read ocserv's recipes] [Read occtl's manual] [Get to know the community]