
About WolfGuard

Version 1.0.0-alpha
GPLv3 License
Active Development

Mission & Goals

WolfGuard aims to provide an enterprise-grade, open-source VPN server that combines modern cryptographic standards with compatibility for existing enterprise infrastructure.

Our mission is to eliminate the dependency on proprietary VPN solutions while maintaining full compatibility with industry-standard clients like Cisco Secure Client (AnyConnect). By leveraging the power of wolfSSL and wolfSentry, we deliver enterprise-grade cryptography and integrated intrusion detection in a single, auditable codebase.

WolfGuard is designed for DevOps engineers, system administrators, and security professionals who require transparent, auditable security without vendor lock-in.

Current Status

  • Version: 1.0.0-alpha
  • Stage: Active development
  • TLS: 1.3 / DTLS 1.3 support
  • Cisco Client: Fully compatible

License

WolfGuard is released under the GNU General Public License v3.0 (GPLv3).

This ensures the code remains free and open-source, allowing for security audits and community contributions while protecting user freedoms.

Project History

WolfGuard evolved from the need for a modern, secure VPN server that could replace proprietary solutions while maintaining compatibility with existing enterprise infrastructure.

2025: WolfGuard Launch

Official launch of WolfGuard, establishing clear identity and mission focused on wolfSSL integration for enterprise-grade VPN security.

2024: ocserv Foundation

OpenConnect Server (ocserv) project reached version 1.3.0 in May 2024, introducing enhanced HTTP parsing with llhttp, expanded group management (up to 512 groups), and URL-based group selection. The project continues active development with regular security and compatibility updates.

2013: ocserv Creation

Original OpenConnect Server (ocserv) created by Nikos Mavrogiannopoulos, establishing the protocol foundation for Cisco AnyConnect compatible VPN servers.

Fork & Evolution

WolfGuard is a modernized fork of the OpenConnect Server (ocserv) project. While maintaining protocol compatibility, we've completely rebuilt the architecture with:

  • Modern C23 standards
  • wolfSSL cryptographic backend (replacing OpenSSL)
  • wolfSentry intrusion detection integration
  • Enhanced security and performance optimizations

Technical Architecture

Modular Design

WolfGuard is built with a clean, modular architecture that separates concerns and enables independent development, testing, and optimization of each component.

Core Server

Written in modern C23, providing high performance and low resource usage

  • Modular design
  • Event-driven architecture
  • Multi-threaded support

wolfSSL/wolfCrypt

Enterprise-grade cryptography with wolfSSL for maximum security

  • TLS 1.3 / DTLS 1.3
  • Hardware acceleration
  • Post-quantum ready

wolfSentry IDPS

Integrated intrusion detection and prevention system

  • Real-time threat detection
  • IP filtering
  • Rate limiting

Cisco Protocol

Full AnyConnect SSL VPN protocol implementation

  • Certificate auth
  • DTLS transport
  • Split tunneling

Performance

Optimized for high throughput and low latency:

  • Zero-copy networking: Minimized data copying
  • Hardware acceleration: AES-NI, AVX support
  • Efficient TLS: wolfSSL optimizations
  • Low memory footprint: <50MB typical usage

Protocol Stack

Complete implementation of AnyConnect protocol:

Control Channel (TLS 1.3)

Authentication, configuration, keepalive

Data Channel (DTLS 1.3)

Encrypted VPN traffic, UDP transport

Tunneling Layer

IP packet encapsulation, routing

Security-First Design

Every architectural decision in WolfGuard prioritizes security without compromising performance:

  • Memory Safety: Strict bounds checking, safe string handling, no unsafe operations
  • Privilege Separation: Worker processes drop privileges after initialization
  • Defense in Depth: Multiple layers of security validation (wolfSentry, protocol checks, input validation)
  • Secure Defaults: Strong cipher suites, perfect forward secrecy enabled by default

Our Philosophy

WolfGuard is built on core principles that guide every technical decision and community interaction. These values ensure we deliver not just software, but a trustworthy security solution.

Security First

Every decision prioritizes security. We use certified cryptography, follow best practices, and design with defense in depth.

Transparency

Open-source code means anyone can audit, verify, and trust our security claims. No security through obscurity.

Community Driven

Built by the community, for the community. We welcome contributions, feedback, and collaboration.

Standards Compliance

Adherence to modern standards (TLS 1.3, DTLS 1.3, C23) ensures compatibility, security, and longevity.

Why Open Source Matters

In the security industry, trust cannot be assumed—it must be earned through transparency and verification. By releasing WolfGuard under the GPLv3 license, we enable:

  • Independent Security Audits: Anyone can review the code for vulnerabilities
  • Community Contributions: Benefit from collective expertise
  • No Vendor Lock-in: Freedom to modify and deploy as needed
  • Long-term Sustainability: The project survives beyond any single entity