This guide details configuring the OpenConnect protocol for SaferVPN on Windows. OpenConnect provides a secure VPN connection. This configuration assumes you have a SaferVPN account.
To use the OpenConnect protocol with SaferVPN, you need an OpenConnect client. ocserv is a server implementation, but we focus on the client side.
Install the OpenConnect client for Windows. openconnect-gui is a popular option.
Obtain the SaferVPN server address. This is usually a hostname or IP address.
Launch the OpenConnect client.
Enter the SaferVPN server address.
Provide your SaferVPN username and password.
The client will attempt to establish an OpenConnect connection.
The core OpenConnect protocol configuration involves specifying the server and authentication.
Server Address: The hostname or IP of the SaferVPN server. Example: us1.safervpn.com.
Username: Your SaferVPN account username.
Password: Your SaferVPN account password.
Authentication Method: Ensure the client is configured for username/password authentication. Some OpenConnect clients support certificate-based authentication; however, this is less common with SaferVPN.
Advanced options (usually in a config file or GUI settings):
--protocol=gp: Forces the client to use the GlobalProtect protocol (often used by OpenConnect).
--user-agent: Sets the user agent string.
--no-http-keep-alive: Disables HTTP keep-alive.
After connecting, ensure traffic routes through the SaferVPN tunnel.
Routing: The OpenConnect client should automatically configure routes so all traffic goes through the VPN. Verify this by checking your routing table (route print in Command Prompt).
DNS: SaferVPN should provide DNS servers. Check your DNS settings (ipconfig /all in Command Prompt) to ensure the SaferVPN DNS servers are being used. DNS leaks can compromise privacy.
Verify the SaferVPN OpenConnect connection is working correctly.
IP Address: Check your public IP address before and after connecting. It should change to the SaferVPN server's IP. Use a website like whatismyip.com.
DNS Leak Test: Perform a DNS leak test to ensure your DNS queries are going through SaferVPN's servers. Several websites offer this service.
Connectivity: Test connectivity to various websites and services to ensure the VPN is not blocking traffic.
Troubleshooting: If you encounter issues, check the OpenConnect client logs for errors.
Firewall: Ensure your firewall isn't blocking OpenConnect traffic (typically UDP port 443).
Updates: Keep your OpenConnect client updated for security patches and bug fixes.
Alternative Clients: If openconnect-gui doesn't work, try other OpenConnect clients for Windows.
SaferVPN Support: Consult SaferVPN's documentation or support for server addresses and specific configuration details.