Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clavister NetWall #23

Open
DimitriPapadopoulos opened this issue Dec 30, 2022 · 4 comments
Open

Clavister NetWall #23

DimitriPapadopoulos opened this issue Dec 30, 2022 · 4 comments

Comments

@DimitriPapadopoulos
Copy link
Contributor

Have you heard of Clavister NetWall? Appears to be somehow compatible with AnyConnect SSL VPN.

See Clavister (Classic) SSL VPN vs OneConnect (OpenConnect based) SSL VPN.
@dlenski
Copy link
Owner

dlenski commented Dec 30, 2022

Hmmm… no I haven't. Their OneConnect sounds like it might simply be a wrapper around ocserv. I wonder how well they're complying with its license. 🧐

@dlenski
Copy link
Owner

dlenski commented Dec 30, 2022

Do you know of publicly-accessible Clavister servers? What does what-vpn say when pointed at them?

@DimitriPapadopoulos
Copy link
Contributor Author

DimitriPapadopoulos commented Dec 30, 2022
edited
Loading

No, I haven't found any. Not sure how to find any with help from Google or other search engines.

There is no evidence they use OpenConnect code, client side or server side. They do share the same AnyConnect protocol (or OpenConnect protocol as they call it) and OpenConnect is clearly on their radar:

It would be nice to be able to use their iOS, Android and Windows OneConnect clients to connect to ocserv servers, since we lack well-maintained clients for these platforms. Unfortunately, it looks like there are some inconsistencies between NetWall and ocserv (which supports the idea the code base is different):
https://gitlab.com/openconnect/ocserv/-/issues/485

It would also be nice to test whether OpenConnect can indeed connect to Clavister NetWall appliances.

@DimitriPapadopoulos
Copy link
Contributor Author

DimitriPapadopoulos commented Dec 30, 2022
edited
Loading

The Clavister OneConnect Android client uses wolfSSL and Apache HttpComponents as far as I can see by looking into the APK file, so it does seem they have rewritten the client at least.

$ unzip -q Clavister\ OneConnect_3.5_Apkpure.xapk
$ 
$ unzip -t config.arm64_v8a.apk | grep -i wolf
    testing: lib/arm64-v8a/libwolfssl.so   OK
    testing: lib/arm64-v8a/libwolfsslwrapper.so   OK
$ 
$ unzip -t com.clavister.oneconnect.apk | grep -i apache/hc
    testing: org/apache/hc/client5/version.properties   OK
    testing: org/apache/hc/core5/version.properties   OK
$

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dlenski @DimitriPapadopoulos