Replace Cisco AnyConnect with OpenWrt Router

Hello, I'm Frank - I'm new here ...

If the question has already been asked / solved, please forgive me; in the forum search I did not find anything really fitting.

So: I would like to do without the VPN software client "AnyConnect" (Cisco) ;-).
The VPN work should then be done on an OpenWrt router (example: ubnt er-x).

1.) Is that possible, does anyone use it?
2.) If yes, what do I need? Is there a howto? (German preferred :wink:)

Greetings from Germany
Frank

Hi Frank, welcome to the forum!

My team at work operates a Cisco VPN solution with AnyConnect as the client software. While it uses open standards, you'll likely find that your VPN admin does "posture assessment" and blocks non-Cisco clients from connecting. Cisco ASAs (the VPN endpoint hardware) assess the client type and version (and can also perform an assessment of the patching level of the client OS and AV software) before allowing connection.

AnyConnect is also intended to allow access to a single device, via a single IP carved off from your remote network's range. I'm guessing that, by running the client software on your OpenWrt router, you're hoping to allow access from all (or some) of the clients on the network behind it. This will require either NAT (which the ASA should block) or a block of addresses being allocated to you.

I'd suggest you clearly define what you want to achieve then talk to the people administering your VPN.

4 Likes

@lennestadt, welcome to the community!

* OpenVPN https://openwrt.org/docs/guide-user/services/vpn/openvpn/start (German)
* Wireguard https://openwrt.org/docs/guide-user/services/vpn/wireguard (German)

~~* **and more**~~

~~I personally use Wireguard and recommend it.~~

**EDIT: I misunderstood the OP's question, I thought they were seeking software alternatives.**

The OpenConnect project is intended to connect to a Cisco AnyConnect server, replacing their proprietary client. OpenConnect is an installable package on OpenWrt. As @WiteWulf said, some configurations of the server may not be compatible.

5 Likes