VyOS appears to use the upstream debian ocserv package @ version 1.1.2. This is somewhat dated, and v1.1.6 builds just fine in the vyos-build Docker container from the Debian salsa repo (https://salsa.debian.org/debian/ocserv.git):
vyos@svl-vy00:~$ ocserv -v ocserv 1.1.6 Compiled with: seccomp, tcp-wrappers, oath, radius, gssapi, PAM, PKCS#11, AnyConnect GnuTLS version: 3.7.1
It runs great inside the system:
vyos@svl-vy00:~$ show openconnect-server sessions Interface Username IP Remote IP RX TX State Uptime ----------- ---------- ------------- -------------- ------- ------ --------- -------- sslvpn0 testuser 192.168.0.28 10.0.0.20 47.8 MB 9.6 MB connected 20h:56m
Probably best to keep key services (especially ones designed to service requests from the evil WAN) up-to-date, especially as we beef up the CLI to cover the server's feature set.