You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Open client for Cisco AnyConnect, Juniper, Pulse, GlobalProtect, F5, Fortinet and Array Networks (IBM Cloud) VPNs
When we do not control the closed-source VPN server (personally at work with GlobalProtect), an open-source client alternative (command line on Termux) is a blessing.
POST https://vpn-CENSORED-CENSORED.CENSORED.fr/global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Android
Connected to XXX.XXX.XXX.XXX:443
SSL negotiation with vpn-CENSORED-CENSORED.CENSORED.fr
Connected to HTTPS on vpn-CENSORED-CENSORED.CENSORED.fr with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
Enter login credentials
Password:
POST https://vpn-CENSORED-CENSORED.CENSORED.fr/global-protect/getconfig.esp
Portal reports GlobalProtect version 6.2.8-183; we will report the same client version.
Portal set HIP report interval to 60 minutes).
1 gateway servers available:
GP_CENSORED-CENSORED_GW (vpn-CENSORED-CENSORED.CENSORED.fr) [priority 1]
Please select GlobalProtect gateway.
GATEWAY: [GP_CENSORED-CENSORED_GW]:GP_CENSORED-CENSORED_GW
POST https://vpn-CENSORED-CENSORED.CENSORED.fr/ssl-vpn/login.esp
GlobalProtect login returned authentication-source=LDAP_Auth_Shared
GlobalProtect login returned portal-userauthcookie=empty
GlobalProtect login returned portal-prelogonuserauthcookie=empty
GlobalProtect login returned usually-equals-4=4
POST https://vpn-CENSORED-CENSORED.CENSORED.fr/ssl-vpn/getconfig.esp
Tunnel timeout (rekey interval) is 480 minutes.
Idle timeout is 480 minutes.
No MTU received. Calculated 1422 for ESP tunnel
POST https://vpn-CENSORED-CENSORED.CENSORED.fr/ssl-vpn/hipreportcheck.esp
WARNING: Server asked us to submit HIP report with md5sum 69232158904462735d2977ef64ebb1a6.
VPN connectivity may be disabled or limited without HIP report submission.
You need to provide a --csd-wrapper argument with the HIP report submission script.
ESP session established with server
ESP tunnel connected; exiting HTTPS mainloop.
Configured as YYY.YYY.YYY.YYY, with SSL disconnected and ESP established
Session authentication will expire at Mon, 13 Apr 2026 16:21:53 CEST
mkdir: cannot create directory ‘/var’: Read-only file system
Failed to open tun device: Permission denied
Set up tun device failed
POST https://vpn-CENSORED-CENSORED.CENSORED.fr/ssl-vpn/logout.esp
SSL negotiation with vpn-CENSORED-CENSORED.CENSORED.fr
Connected to HTTPS on vpn-CENSORED-CENSORED.CENSORED.fr with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
Logout successful.
Unrecoverable I/O error; exiting.
POST https://vpn-CENSORED-CENSORED.CENSORED.fr/global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Android
Connected to XXX.XXX.XXX.XXX:443
SSL negotiation with vpn-CENSORED-CENSORED.CENSORED.fr
Connected to HTTPS on vpn-CENSORED-CENSORED.CENSORED.fr with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
Enter login credentials
Password:
POST https://vpn-CENSORED-CENSORED.CENSORED.fr/global-protect/getconfig.esp
Portal reports GlobalProtect version 6.2.8-183; we will report the same client version.
Portal set HIP report interval to 60 minutes).
1 gateway servers available:
GP_CENSORED-CENSORED_GW (vpn-CENSORED-CENSORED.CENSORED.fr) [priority 1]
Please select GlobalProtect gateway.
GATEWAY: [GP_CENSORED-CENSORED_GW]:GP_CENSORED-CENSORED_GW
POST https://vpn-CENSORED-CENSORED.CENSORED.fr/ssl-vpn/login.esp
GlobalProtect login returned authentication-source=LDAP_Auth_Shared
GlobalProtect login returned portal-userauthcookie=empty
GlobalProtect login returned portal-prelogonuserauthcookie=empty
GlobalProtect login returned usually-equals-4=4
POST https://vpn-CENSORED-CENSORED.CENSORED.fr/ssl-vpn/getconfig.esp
Tunnel timeout (rekey interval) is 480 minutes.
Idle timeout is 480 minutes.
No MTU received. Calculated 1422 for ESP tunnel
POST https://vpn-CENSORED-CENSORED.CENSORED.fr/ssl-vpn/hipreportcheck.esp
WARNING: Server asked us to submit HIP report with md5sum 69232158904462735d2977ef64ebb1a6.
VPN connectivity may be disabled or limited without HIP report submission.
You need to provide a --csd-wrapper argument with the HIP report submission script.
ESP session established with server
ESP tunnel connected; exiting HTTPS mainloop.
Configured as YYY.YYY.YYY.YYY, with SSL disconnected and ESP established
Session authentication will expire at Mon, 13 Apr 2026 16:24:33 CEST
mkdir: cannot create directory ‘/var’: Read-only file system
mkdir: cannot create directory ‘/var’: Read-only file system
/data/data/com.termux/files/home/bens_folder/dev/gits/original/vpnc-scripts/vpnc-script: 332: cannot create /var/run/vpnc/defaultroute.26957: Directory nonexistent
cp: cannot stat '/etc/resolv.conf': No such file or directory
/data/data/com.termux/files/home/bens_folder/dev/gits/original/vpnc-scripts/vpnc-script: 616: cannot open /var/run/vpnc/resolv.conf-backup.26957: No such file
Script '/data/data/com.termux/files/home/bens_folder/dev/gits/original/vpnc-scripts/vpnc-script' returned error 2
Failed to open /dev/vhost-net: No such file or directory
Even if as OpenVPN this package is only available if root it would be fine.
Why is it worth to add this package?
When we do not control the closed-source VPN server (personally at work with GlobalProtect), an open-source client alternative (command line on Termux) is a blessing.
Home page URL
No response
Source code URL
https://gitlab.com/openconnect/openconnect
Packaging policy acknowledgement
The project is actively developed.
The project has existing packages and is "well known".
Licensed under an open source license.
Not available through a language package manager: cargo, cpan, dotnet tool, gem, npm, pip, etc.
Not taking up too much disk space (< 100MiB per architecture, exceptions can be made)
Not duplicating the functionality of existing packages.
Not serving hacking, malware, phishing, spamming, spying, ddos functionality.
I certify that I have read Termux Packaging Policy and understand that my request will be denied if it is found lacking.
Additional information
F-Droid: OpenConnect (net.openconnect_vpn.android) is an alternative open-source app, however it fails for my GlobalProtect usage and I would prefer a Termux CLI.
I achieve compiling OpenConnect app, OpenConnect on Linux, and OpenConnect on Termux, but I am new to Magisk, and fail to leverage
remountto create/var/to reduce errors in the following:Output:
Output:
Even if as OpenVPN this package is only available if
rootit would be fine.