OpenConnect VPN Server – ‘ocserv’

OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a secure, small, fast and configurable VPN server. It implements the OpenConnect SSL VPN protocol, and also has (currently experimental) compatibility with clients using the AnyConnect SSL VPN protocol. The OpenConnect protocol provides a dual TCP/UDP VPN channel and uses the standard IETF security protocols to secure it. The server is implemented primarily for the GNU/Linux platform, but its code is designed to be portable to other UNIX variants as well.

Setup Server

The setup was adapted from a GitHub project named wppurking/ocserv-docker. Assuming that the server hostname is


My script to launch the ocserv container is this:

cat ./


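# OCSERV_GIT_DIR and GITHUB_URL must be set before this point (their definitions are not shown on this page).
echo "GET git clone"
if [ -d ~/ocserv-docker ]
then
        echo "${OCSERV_GIT_DIR} exists"
else
        cd ~
        git clone "${GITHUB_URL}"
fi

echo "LAUNCH ocserv container"
# Mounts the config directory and publishes TCP port 443 only; --privileged gives the container broad access to the host.
docker run -dt --privileged --name ocserv -v ~/ocserv-docker/ocserv:/etc/ocserv -p 443:443/tcp ocserv-docker

echo "CHECK container"
# docker logs takes a single container, so name it explicitly.
docker logs ocserv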

Clean default users

Remove the default users of the docker container

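# FILE is the path, inside the container, of the file that lists the default users (not shown on this page).
# The sed expression deletes the first two lines of that file.
SED_COMMAND=(sed -i '1,2d' "${FILE}")
docker exec -it "$(docker ps -a | grep vpn_run | awk '{print $1}')" "${SED_COMMAND[@]}"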

Add a new user

OCSERV_DOCKER_ID=$(docker ps -a | grep vpn_run | awk '{print $1}')
docker exec -it "${OCSERV_DOCKER_ID}" ocpasswd my_username

On Client

Check openconnect version

You should have OpenConnect version v7.06 or higher :-)

openconnect --version


Don’t use the --no-cert-check option; it’s insecure. Use --cafile or --servercert instead. The ca-cert.pem file is inside the docker container at /opt/certs/ca-cert.pem. Thanks to David Woodhouse for reminding me of this :-)

sudo openconnect --cafile=ca-cert.pem

Automatically with a script

echo -n "${MY_PASSWORD}" | sudo openconnect --cafile=ca-cert.pem --background -u "${MY_USER}" --passwd-on-stdin
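
The --cafile check is only as good as the ca-cert.pem copy on the client, so the following added example (not part of the original post or of the ocserv-docker project) validates the file and compares its SHA-256 fingerprint with a value obtained out of band before connecting. Assumptions: the container name ocserv from the launch script, the CA path given above, and the hypothetical variables VPN_HOST and VPN_USER set by the caller.

```shell
#!/usr/bin/env bash
# Added example: verify the CA file before handing it to openconnect --cafile.
# Assumed names: container "ocserv", VPN_HOST and VPN_USER (hypothetical variables).

CA_IN_CONTAINER=/opt/certs/ca-cert.pem   # path stated in the text above

# Copy the CA certificate out of the running container.
fetch_ca() {            # usage: fetch_ca <container> <dest-file>
    docker cp "$1:${CA_IN_CONTAINER}" "$2"
}

# Succeed only if the file is a non-empty, parseable, unexpired X.509 certificate.
ca_is_usable() {        # usage: ca_is_usable <pem-file>
    [ -s "$1" ] || return 1
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Print the certificate's SHA-256 fingerprint as lowercase hex without colons.
ca_fingerprint() {      # usage: ca_fingerprint <pem-file>
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Compare against a fingerprint obtained out of band, for example by running
# ca_fingerprint on the server itself. Colons and letter case are ignored.
ca_matches() {          # usage: ca_matches <pem-file> <expected-hex>
    [ "$(ca_fingerprint "$1")" = "$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')" ]
}

# Connect only after both checks pass; the password is read without echo and
# passed on stdin, so it never appears in the script or on a command line.
connect_vpn() {         # usage: connect_vpn <pem-file> <expected-hex>
    local pw
    ca_is_usable "$1" || { echo "CA file missing, invalid or expired" >&2; return 1; }
    ca_matches "$1" "$2" || { echo "CA fingerprint mismatch" >&2; return 1; }
    read -r -s -p "VPN password: " pw; echo
    printf '%s' "$pw" | sudo openconnect --cafile="$1" --background \
        -u "${VPN_USER:?set VPN_USER}" --passwd-on-stdin "${VPN_HOST:?set VPN_HOST}"
}
```

A typical run is fetch_ca ocserv ca-cert.pem on the server, a transfer of the file to the client, then connect_vpn ca-cert.pem with the fingerprint printed on the server.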


In case you get the following warning, you can disable DTLS by adding the option --no-dtls: “DTLS handshake failed: Resource temporarily unavailable”