Skip to main contentSkip to navigation

Client Compatibility

WolfGuard implements the industry-standard AnyConnect protocol, ensuring compatibility with existing VPN clients while adding modern security features.

Full Cisco Compatibility

Drop-in replacement for Cisco AnyConnect Server with complete protocol support

Open Standards

Works with any AnyConnect-compatible client implementation

Modern Protocols

TLS 1.3 and DTLS 1.3 support for enhanced security

High Performance

Optimized with wolfSSL for minimal overhead and maximum throughput

Cross-Platform

Linux, Windows, macOS support with consistent functionality

Split Tunneling

Intelligent traffic routing to route specific apps or networks through VPN while allowing direct access for others

AnyConnect Protocol Support

WolfGuard implements the Cisco AnyConnect SSL VPN protocol, providing full compatibility with official and third-party clients. The server supports both the TLS control channel and DTLS data channel for optimal performance.

TLS 1.3 for control channel
DTLS 1.3 for data channel
Certificate and password authentication
IPv4 and IPv6 tunneling
Split tunneling configuration
DNS and routing policy distribution

Cisco Secure Client (AnyConnect)

WolfGuard is fully compatible with Cisco Secure Client (formerly Cisco AnyConnect), allowing you to use the official client with your WolfGuard server deployment.

Version 5.x

Fully Supported

Supported Features:

TLS 1.3
TLS 1.2
DTLS 1.2
Certificate Auth
Password Auth
OTP/2FA
SAML/SSO

Latest version (5.1.12.146) includes TLS 1.3 support with improved performance and security. DTLS 1.2 for UDP connections.

Version 4.x

Supported

Supported Features:

TLS 1.2
DTLS 1.2
Certificate Auth
Password Auth
OTP/2FA
Legacy Protocol

Legacy AnyConnect client with TLS 1.2 and DTLS 1.2 support. Reliable but lacks modern protocol features.

Protocol Limitations

While WolfGuard server supports modern protocols including TLS 1.3, DTLS 1.3, and QUIC, current Cisco clients are limited to older protocol versions:

  • Cisco 5.x: Supports TLS 1.3 for TCP, but only DTLS 1.2 for UDP (not DTLS 1.3)
  • Cisco 4.x: Limited to TLS 1.2 and DTLS 1.2 only
  • No QUIC support: Neither version supports next-generation QUIC protocol

The upcoming WolfGuard Connect client will unlock full server capabilities with DTLS 1.3 and QUIC support.

Supported Features

Multi-factor authentication (MFA)
One-Time Password (OTP) via RADIUS - TOTP/HOTP
Certificate-based authentication
Username/password authentication
Client certificate validation
Always-On VPN
Trusted Network Detection
Split tunneling and split DNS
IPv4 and IPv6 dual-stack
Compression (LZS, Deflate)
Custom connection profiles

Get Cisco Secure Client

Download the official Cisco Secure Client (AnyConnect) from Cisco's website. The client is available for Windows, macOS, Linux, iOS, and Android.

You may need a Cisco account to download. Alternatively, some VPN providers offer the client for download.
Visit Cisco

Connecting to WolfGuard

To connect to your WolfGuard server using Cisco Secure Client:

  1. Launch Cisco Secure Client (AnyConnect)
  2. Enter your WolfGuard server address (e.g., vpn.example.com)
  3. Click Connect and accept the server certificate if prompted
  4. Enter your credentials (username/password or certificate as configured)
  5. The client will establish a secure VPN connection

Note: WolfGuard supports the same connection profiles and configuration options as Cisco AnyConnect Server, so existing client configurations will work without modification.

Cisco Secure Client Compatibility Matrix

WolfGuard is compatible with Cisco Secure Client (formerly AnyConnect) versions 4.9 through 5.1. The following matrix shows OS support across all major client versions.

Looking for information about Windows 7, Windows 8.1, or other end-of-life operating systems? See the Legacy System Support section below.

Legend:

Full Support
Partial Support
End of Life (EOL)
Not Supported

Windows

Operating System4.9.x4.10.x5.0.x5.1.x
Windows 11 (x64)
Windows 11 ARM64VPN only in 4.x
Windows 10 (x64)
Windows 10 (x86)
Windows 8.1EOL Jan 2023
Windows 7EOL Jan 2020

macOS

Operating System4.9.x4.10.x5.0.x5.1.x
macOS 26 Tahoe5.1.12.146+
macOS 15 Sequoia5.1.6.103+
macOS 14 Sonoma
macOS 13 Ventura
macOS 12 MontereyRemoved in 5.1.6.103
macOS 11 Big SurRemoved in 5.1.3.62
macOS 10.15 CatalinaVPN only in 5.0

Linux

Operating System4.9.x4.10.x5.0.x5.1.x
Red Hat 10.x
Red Hat 9.x
Red Hat 8.x8.2+ for 4.9
Red Hat 7.xEOL Jun 2024
Ubuntu 24.04 LTS
Ubuntu 22.04 LTS
Ubuntu 20.04 LTSRemoved in 5.1.10.233
Ubuntu 18.04 LTSEOL
SUSE SLES 15Limited features
Linux ARM64Added in 5.1.11.388

Key Version Milestones

4.9.x:Last AnyConnect 4.x release; TLS 1.2 only; End-of-Life
4.10.x:WPA3 support; External SSO; Enhanced smartcard support; End-of-Life
5.0.x:TLS 1.3 debut; Rebranding to Cisco Secure Client; FIDO2/WebAuthN support
5.1.x:Post-quantum cryptography; Linux ARM64; macOS 26 support; Latest stable

Protocol Support by Version:

TLS Protocol:
  • TLS 1.3: Versions 5.0+ (requires ASA 9.19.1+)
  • TLS 1.2: All versions
  • TLS 1.0/1.1: Deprecated in 4.9+, removed in 5.0+
DTLS Protocol:
  • DTLS 1.2: All versions
  • DTLS 1.3: Not yet implemented by Cisco
  • DTLS 1.0: Legacy support in older versions

Alternative VPN Clients

WolfGuard works with any AnyConnect-compatible VPN client. Here are some popular open-source and third-party alternatives to Cisco Secure Client.

OpenConnect

Linux, macOS, Windows, BSDCLI & GUI
Recommended

Open-source AnyConnect-compatible client with excellent Linux support

Key Features:

Command-line interface
NetworkManager GUI integration (Linux)
macOS Tunnelblick support
Full protocol compatibility
OTP support via --token-mode

Quick Install:

ubuntu:

bash
sudo apt install openconnect

fedora:

bash
sudo dnf install openconnect

macos:

bash
brew install openconnect
Official Website

OpenConnect GUI

Windows, LinuxGUI
Supported

Graphical user interface for OpenConnect on Windows and Linux

Key Features:

Native Windows GUI
Easy connection management
Profile configuration
System tray integration
OTP/TOTP support
Official Website

NetworkManager OpenConnect

Linux (GNOME, KDE)GUI Plugin
Recommended

NetworkManager plugin for seamless VPN integration in Linux desktop environments

Key Features:

Native desktop integration
GNOME and KDE support
Auto-connect on boot
Connection profiles
TOTP/HOTP configuration

Quick Install:

ubuntu:

bash
sudo apt install network-manager-openconnect-gnome

fedora:

bash
sudo dnf install NetworkManager-openconnect-gnome

Mobile Clients

iOS, AndroidMobile Apps
Supported

Cisco Secure Client official mobile apps for iOS and Android

Key Features:

Native mobile experience
Always-On VPN
Per-app VPN (iOS)
Trusted Network Detection

Download Apps:

Download on the App StoreGet it on Google Play
Official Website

Compatibility Matrix

ClientTLS 1.3DTLS 1.3Certificate AuthPassword AuthOTP/2FA
Cisco Secure Client 5.x
OpenConnect 9.x
NetworkManager Plugin
OpenConnect GUI

OTP/2FA Support: All clients support One-Time Password authentication via RADIUS integration. WolfGuard server can authenticate users using TOTP (Time-based One-Time Password) or HOTP (HMAC-based One-Time Password) tokens. Compatible with Google Authenticator, Microsoft Authenticator, Authy, and other RFC 6238/4226 compliant authenticator apps.

WolfGuard Connect

In Development

The official WolfGuard VPN client is currently under development. It will unlock the full potential of WolfGuard server with support for DTLS 1.3 and QUIC protocol - modern features that current Cisco clients cannot provide.

Unlock Full Server Capabilities

WolfGuard Connect will be a modern, open-source VPN client built with C++ and Qt6, unlocking advanced protocols that legacy clients cannot support:

DTLS 1.3: Faster handshakes, improved security, and better performance for UDP connections
QUIC Protocol: Next-generation transport combining TCP reliability with UDP speed - ideal for mobile and unstable networks

Technology Stack:

C++23
Qt6
wolfSSL
Cross-Platform
Open Source

Key Features

Modern

DTLS 1.3 Support

Next-generation datagram protocol for secure UDP VPN connections - not available in current Cisco clients

Modern

QUIC Protocol

Modern transport protocol combining TCP reliability with UDP performance for superior VPN experience

Cross-Platform Desktop

Native applications for Windows, macOS, and Linux with consistent UI/UX

Mobile Apps

iOS and Android applications with platform-specific features and optimizations

Modern Qt6 UI

Clean, intuitive interface with native look and feel on each platform

Auto-Update

Automatic update mechanism to keep your VPN client secure with the latest features and patches

Protocol Advantage

WolfGuard Connect will support next-generation protocols that provide significant advantages over legacy implementations:

ProtocolCisco ClientsWolfGuard ConnectBenefit
TLS (TCP)1.3 (v5.x), 1.2 (v4.x)
TLS 1.3
Faster handshakes
DTLS (UDP)1.2 only
DTLS 1.3
Better performance, security
QUICNot supported
Supported
Mobile optimization, 0-RTT

Why this matters: DTLS 1.3 and QUIC provide faster connection establishment, improved security, and better performance on unreliable networks - making them ideal for modern VPN deployments, especially on mobile devices.

Development Roadmap

Phase 1: Core Functionality

Basic VPN connection with DTLS 1.3 and QUIC support, authentication, tunnel management

Phase 2: Platform Integration

Native OS integration, system tray, auto-connect features, network detection

Phase 3: Advanced Features

Split tunneling, connection profiles, diagnostics tools, performance monitoring

Phase 4: Mobile Clients

iOS and Android applications with QUIC optimization for mobile networks

Follow Development

The WolfGuard Connect client will be developed openly on GitHub. Watch the repository to stay updated on progress, or contribute to development.

View on GitHub

In the Meantime

While WolfGuard Connect is under development, we recommend using:

  • OpenConnect for Linux and macOS users seeking an open-source solution
  • Cisco Secure Client for the most feature-complete experience across all platforms
  • NetworkManager OpenConnect Plugin for seamless Linux desktop integration