Open DimitriPapadopoulos opened 1 year ago
Hmmm… no I haven't. Their OneConnect sounds like it might simply be a wrapper around ocserv. I wonder how well they're complying with its license. 🧐
Do you know of publicly-accessible Clavister servers? What does what-vpn
say when pointed at them?
No, I haven't found any. Not sure how to find any with help from Google or other search engines.
There is no evidence they use OpenConnect code, client side or server side. They do share the same AnyConnect protocol (or OpenConnect protocol as they call it) and OpenConnect is clearly on their radar:
It would be nice to be able to use their iOS, Android and Windows OneConnect clients to connect to ocserv servers, since we lack well-maintained clients for these platforms. Unfortunately, it looks like there are some inconsistencies between NetWall and ocserv (which supports the idea the code base is different): https://gitlab.com/openconnect/ocserv/-/issues/485
It would also be nice to test whether OpenConnect can indeed connect to Clavister NetWall appliances.
The Clavister OneConnect Android client uses wolfSSL and Apache HttpComponents as far as I can see by looking into the APK file, so it does seem they have rewritten the client at least.
$ unzip -q Clavister\ OneConnect_3.5_Apkpure.xapk
$
$ unzip -t config.arm64_v8a.apk | grep -i wolf
testing: lib/arm64-v8a/libwolfssl.so OK
testing: lib/arm64-v8a/libwolfsslwrapper.so OK
$
$ unzip -t com.clavister.oneconnect.apk | grep -i apache/hc
testing: org/apache/hc/client5/version.properties OK
testing: org/apache/hc/core5/version.properties OK
$
Have you heard of Clavister NetWall? Appears to be somehow compatible with AnyConnect SSL VPN.
See Clavister (Classic) SSL VPN vs OneConnect (OpenConnect based) SSL VPN.