How to Set up Certificate Authentication in OpenConnect VPN Server (ocserv)
This tutorial shows you how to set up certificate authentication in OpenConnect VPN server (ocserv) on Ubuntu. OpenConnect (ocserv) is an open-source implementation of the Cisco AnyConnect VPN protocol.
In a previous article, I explained the steps to set up OpenConnect VPN server with a Let’s Encrypt TLS server certificate. Let’s Encrypt does not issue client certificates, so in that article, we used password authentication. Entering a username and password every time can be a hassle, especially if the client software, such as the Cisco AnyConnect app on iOS, doesn’t offer an option to remember the password. Many OpenConnect clients can import a user certificate, which frees the user from entering a username and password. Certificate authentication is also more secure than password authentication.
Read full story here: https://www.linuxbabe.com/ubuntu/certificate-authentication-openconnect-vpn-server-ocserv