
@jadiaheno

Summary

  • Add OpenConnect multi-protocol SSL VPN client extension for Talos Linux
  • Supports Cisco AnyConnect, Juniper, GlobalProtect, Pulse Secure, F5, Fortinet, and Array Networks protocols
  • Includes Go wrapper for configuration via environment variables

Changes

  • network/vars.yaml: Add OpenConnect version variables (v9.12)
  • network/openconnect/: New extension directory with:
    • Build configuration using OpenSSL for TLS
    • Service configuration with TUN device and networking mounts
    • Go wrapper for environment-based configuration
    • User documentation with examples for all protocols

Configuration

The extension is configured via ExtensionServiceConfig:

```yaml
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: openconnect
environment:
  - OPENCONNECT_SERVER=vpn.example.com
  - OPENCONNECT_PROTOCOL=anyconnect
  - OPENCONNECT_USER=username
  - OPENCONNECT_PASSWORD=password
  - OPENCONNECT_SERVERCERT=pin-sha256:ABC123...
```

Supported Environment Variables

| Variable | Description | Required |
|---|---|---|
| OPENCONNECT_SERVER | VPN server URL | Yes |
| OPENCONNECT_PROTOCOL | Protocol (anyconnect, nc, gp, pulse, f5, fortinet, array) | No |
| OPENCONNECT_USER | Username | No |
| OPENCONNECT_PASSWORD | Password | No |
| OPENCONNECT_CERTIFICATE | Client certificate path | No |
| OPENCONNECT_PRIVATE_KEY | Private key path | No |
| OPENCONNECT_SERVERCERT | Server cert fingerprint | Recommended |
| OPENCONNECT_EXTRA_ARGS | Additional CLI args | No |

Test plan

  • Build extension: make openconnect PLATFORM=linux/amd64
  • Verify static/dynamic linking of binary
  • Run extensions-validator on built rootfs
  • Deploy to Talos test node and verify tunnel creation

🤖 Generated with Claude Code
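The following is an added example of how a wrapper of the kind described above can map the OPENCONNECT_* variables onto an openconnect command line. It is written for this page and is not the PR's wrapper, whose source is not shown here. The flag names (`--protocol`, `--user`, `--passwd-on-stdin`, `--certificate`, `--sslkey`, `--servercert`, `--non-inter`) are OpenConnect's own options; the policy choices are assumptions made for the example: the password is delivered on stdin rather than in argv (argv is readable by every process on the node through /proc/<pid>/cmdline), an unknown protocol is rejected, a missing OPENCONNECT_SERVERCERT produces a warning rather than a silent fallback to CA validation, and OPENCONNECT_EXTRA_ARGS may not carry a second `--servercert` that could override the configured pin.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// Values accepted for OPENCONNECT_PROTOCOL, i.e. the protocols the PR lists.
var allowedProtocols = map[string]bool{
	"anyconnect": true, "nc": true, "gp": true, "pulse": true,
	"f5": true, "fortinet": true, "array": true,
}

// Invocation is what the wrapper hands to exec: the openconnect argv, the
// bytes to feed on stdin (the password, or empty) and non-fatal warnings.
type Invocation struct {
	Args     []string
	Stdin    string
	Warnings []string
}

// BuildInvocation translates OPENCONNECT_* variables into an openconnect
// command line. It takes the variables as a map so the mapping can be tested
// without touching the process environment. Hypothetical wrapper logic
// written for this example, not the extension's own wrapper.
func BuildInvocation(env map[string]string) (*Invocation, error) {
	server := env["OPENCONNECT_SERVER"]
	if server == "" {
		return nil, errors.New("OPENCONNECT_SERVER is required")
	}
	// --non-inter: a system service has no terminal, so fail instead of
	// blocking on a prompt when the configured credentials are insufficient.
	inv := &Invocation{Args: []string{"--non-inter"}}

	if p := env["OPENCONNECT_PROTOCOL"]; p != "" {
		if !allowedProtocols[p] {
			return nil, fmt.Errorf("unsupported OPENCONNECT_PROTOCOL %q", p)
		}
		inv.Args = append(inv.Args, "--protocol="+p)
	}
	if u := env["OPENCONNECT_USER"]; u != "" {
		inv.Args = append(inv.Args, "--user="+u)
	}
	if pw := env["OPENCONNECT_PASSWORD"]; pw != "" {
		// Password goes on stdin, never into argv (argv is world-readable
		// via /proc/<pid>/cmdline).
		inv.Args = append(inv.Args, "--passwd-on-stdin")
		inv.Stdin = pw + "\n"
	}
	if c := env["OPENCONNECT_CERTIFICATE"]; c != "" {
		inv.Args = append(inv.Args, "--certificate="+c)
	}
	if k := env["OPENCONNECT_PRIVATE_KEY"]; k != "" {
		inv.Args = append(inv.Args, "--sslkey="+k)
	}
	if pin := env["OPENCONNECT_SERVERCERT"]; pin != "" {
		inv.Args = append(inv.Args, "--servercert="+pin)
	} else {
		inv.Warnings = append(inv.Warnings,
			"OPENCONNECT_SERVERCERT is unset; the server is verified against the CA store only, with no pin")
	}
	// Extra arguments are appended verbatim after whitespace splitting (values
	// containing spaces are not supported here). A second --servercert is
	// refused so the pin can only be set through OPENCONNECT_SERVERCERT.
	for _, a := range strings.Fields(env["OPENCONNECT_EXTRA_ARGS"]) {
		if strings.HasPrefix(a, "--servercert") {
			return nil, errors.New("set the server pin via OPENCONNECT_SERVERCERT, not OPENCONNECT_EXTRA_ARGS")
		}
		inv.Args = append(inv.Args, a)
	}
	inv.Args = append(inv.Args, server) // the server is openconnect's positional argument
	return inv, nil
}

// Run executes openconnect from PATH with the built invocation.
func Run(inv *Invocation) error {
	cmd := exec.Command("openconnect", inv.Args...)
	cmd.Stdin = strings.NewReader(inv.Stdin)
	cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
	return cmd.Run()
}

// envFromProcess collects the OPENCONNECT_* variables from the environment.
func envFromProcess() map[string]string {
	env := map[string]string{}
	for _, kv := range os.Environ() {
		if k, v, ok := strings.Cut(kv, "="); ok && strings.HasPrefix(k, "OPENCONNECT_") {
			env[k] = v
		}
	}
	return env
}

func main() {
	inv, err := BuildInvocation(envFromProcess())
	if err != nil {
		fmt.Fprintln(os.Stderr, "openconnect-wrapper:", err)
		os.Exit(2)
	}
	for _, w := range inv.Warnings {
		fmt.Fprintln(os.Stderr, "openconnect-wrapper: warning:", w)
	}
	if err := Run(inv); err != nil {
		fmt.Fprintln(os.Stderr, "openconnect-wrapper:", err)
		os.Exit(1)
	}
}
```

With the ExtensionServiceConfig from the Configuration section, this produces `openconnect --non-inter --protocol=anyconnect --user=username --passwd-on-stdin --servercert=pin-sha256:ABC123... vpn.example.com` with the password written to the child's stdin. One check worth adding to the test plan for any such wrapper: run `cat /proc/$(pidof openconnect)/cmdline | tr '\0' ' '` on the node and confirm the password does not appear.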

Add OpenConnect multi-protocol SSL VPN client extension supporting:
- Cisco AnyConnect
- Juniper Network Connect
- Palo Alto GlobalProtect
- Pulse Secure
- F5 BIG-IP
- Fortinet SSL VPN
- Array Networks SSL VPN

The extension includes a Go wrapper for configuration via environment
variables and supports username/password and certificate authentication.

Co-Authored-By: Claude Opus 4.5 <[email protected]>
Signed-off-by: Jonathan E. <[email protected]>
@jadiaheno force-pushed the feat/openconnect-extension branch from fdab0c4 to a005f04 on January 28, 2026 00:11