Clavister NetWall

Open DimitriPapadopoulos opened this issue 1 year ago • 4 comments

Have you heard of Clavister NetWall? Appears to be somehow compatible with AnyConnect SSL VPN.

See Clavister (Classic) SSL VPN vs OneConnect (OpenConnect based) SSL VPN.

DimitriPapadopoulos, Dec 30 '22 12:12

Hmmm… no I haven't. Their OneConnect sounds like it might simply be a wrapper around ocserv. I wonder how well they're complying with its license. 🧐

dlenski, Dec 30 '22 15:12

Do you know of publicly-accessible Clavister servers? What does what-vpn say when pointed at them?

dlenski, Dec 30 '22 15:12

No, I haven't found any. Not sure how to find any with help from Google or other search engines.

There is no evidence they use OpenConnect code, client side or server side. They do share the same AnyConnect protocol (or OpenConnect protocol as they call it) and OpenConnect is clearly on their radar:

It would be nice to be able to use their iOS, Android and Windows OneConnect clients to connect to ocserv servers, since we lack well-maintained clients for these platforms. Unfortunately, it looks like there are some inconsistencies between NetWall and ocserv (which supports the idea the code base is different): https://gitlab.com/openconnect/ocserv/-/issues/485

It would also be nice to test whether OpenConnect can indeed connect to Clavister NetWall appliances.

DimitriPapadopoulos, Dec 30 '22 18:12

The Clavister OneConnect Android client uses wolfSSL and Apache HttpComponents as far as I can see by looking into the APK file, so it does seem they have rewritten the client at least.

$ unzip -q Clavister\ OneConnect_3.5_Apkpure.xapk
$ 
$ unzip -t config.arm64_v8a.apk | grep -i wolf
    testing: lib/arm64-v8a/libwolfssl.so   OK
    testing: lib/arm64-v8a/libwolfsslwrapper.so   OK
$ 
$ unzip -t com.clavister.oneconnect.apk | grep -i apache/hc
    testing: org/apache/hc/client5/version.properties   OK
    testing: org/apache/hc/core5/version.properties   OK
$ 

DimitriPapadopoulos, Dec 30 '22 19:12
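The library check from the unzip/grep session above, as an added example that is not part of the original comment or of any project discussed in this thread. It goes one step further by descending into the APKs nested inside an XAPK and by reading members in memory instead of extracting an untrusted archive to disk; `MARKERS`, `scan_archive`, `build_sample_xapk` and the `com.example.app.apk` name are hypothetical, and the sample archive is constructed.

```python
import io
import zipfile

# Path fragments that identify bundled libraries (same strings as the greps above).
MARKERS = {
    "wolfSSL": ("libwolfssl",),
    "Apache HttpComponents 5": ("org/apache/hc/client5/", "org/apache/hc/core5/"),
}

def scan_archive(data, origin="", depth=0):
    """Return {library: [paths]} for a ZIP/APK/XAPK given as bytes.

    Members are listed or read into memory, never extracted, so hostile
    entry names such as '../../x' cannot write outside a working directory.
    """
    hits = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            for lib, needles in MARKERS.items():
                if any(n in name.lower() for n in needles):
                    hits.setdefault(lib, []).append(origin + name)
            # An XAPK is a ZIP of APKs: descend one level, with a size cap.
            if name.lower().endswith(".apk") and depth < 1 and info.file_size < 512 * 2**20:
                nested = scan_archive(zf.read(info), origin + name + "!", depth + 1)
                for lib, paths in nested.items():
                    hits.setdefault(lib, []).extend(paths)
    return hits

def build_sample_xapk():
    """Constructed sample: an XAPK-like ZIP holding two small APK-like ZIPs."""
    def make_zip(members):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name, body in members.items():
                zf.writestr(name, body)
        return buf.getvalue()
    split = make_zip({"lib/arm64-v8a/libwolfssl.so": b"\x7fELF",
                      "lib/arm64-v8a/libwolfsslwrapper.so": b"\x7fELF"})
    base = make_zip({"org/apache/hc/client5/version.properties": b"info.release=x",
                     "classes.dex": b"dex\n"})
    return make_zip({"config.arm64_v8a.apk": split, "com.example.app.apk": base,
                     "manifest.json": b"{}"})

if __name__ == "__main__":
    for lib, paths in scan_archive(build_sample_xapk()).items():
        print(lib, *paths, sep="\n  ")
```

A path match only shows that a file with that name ships in the package; it says nothing about the library version or whether the code is actually used at runtime.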