Using OpenConnect with newly released OPNsense 18.1.1

Hey guys, with the release of 18.1.1 we introduced the OpenConnect plugin with no real introduction. So what is it for, and what can you use it for? Imagine your company has a Cisco ASA that lets you connect from your PC with AnyConnect. The plugin lets your firewall make that connection instead, so multiple inside hosts can reach your company LAN!

Just install the plugin the usual way, go to VPN – OpenConnect and set the server host and username/password. If you are using groups, add the group name after the server URI.

Once this is enabled you also have a new interface in your firewall rules, and you can set up fine-grained rules for who can reach the company LAN.

OK, what's missing? Your LAN clients have internal IPs, so you need some NAT. Go to Firewall – NAT – Outbound and add a rule on your OpenConnect interface with the proper source and destination. With interface NAT, all the specified packets will be hidden behind the VPN IP you received from the Cisco ASA.
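For readers who think in pf syntax, here is roughly what a tightly scoped version of these GUI rules looks like. This is an added illustration, not output from the plugin or OPNsense; the interface names, addresses and table name are constructed placeholders and assumptions.

```pf
# Constructed placeholders: substitute the values from your own setup.
lan_if   = "em1"              # assumed LAN interface
vpn_if   = "ocvpn0"           # assumed name of the OpenConnect tunnel interface
corp_net = "10.20.0.0/16"     # constructed company LAN prefix

# Only these inside hosts may use the tunnel (constructed addresses).
table <vpn_users> const { 192.168.1.10, 192.168.1.11 }

# Too broad: translates anything that leaves through the tunnel.
# nat on $vpn_if inet from any to any -> ($vpn_if)

# Scoped outbound NAT: only the allowed hosts, only towards the company
# LAN, hidden behind the tunnel address ("interface address" in the GUI).
# The parentheses make pf follow the address if the ASA assigns a new one.
nat on $vpn_if inet from <vpn_users> to $corp_net -> ($vpn_if)

# Filter on the LAN side: allowed hosts may reach the company LAN,
# every other inside host is stopped before it gets to the tunnel.
# Assumes traffic leaving via $vpn_if is otherwise permitted outbound.
pass  in quick on $lan_if inet from <vpn_users> to $corp_net keep state
block in quick on $lan_if inet from any to $corp_net
```

Keeping the NAT source and destination as narrow as the filter rule means a later, looser firewall rule cannot silently expose additional hosts to the company network.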

For further questions, reach out to me in the forums. Bug reports are very welcome on GitHub in the plugins repo!