Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
packages/net/ocserv/README
Nikos Mavrogiannopoulos 03134441f2 openconnect: corrected port descriptions in README 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-07-08 19:39:19 +02:00

91 lines
2.6 KiB
Text
Raw Blame History

The openconnect server expects to be configured using the uci interface.
It is recommended to setup a dynamic DNS address with openwrt prior
to starting the server. That is because during the first startup
a certificate file which contain the setup dynamic DNS name will be
created.
To setup a server the provides access to LAN with network address
10.100.2.0/255.255.255.0 using the VPN address range
10.100.3.0/255.255.255.0 add the following to /etc/config/ocserv:
----/etc/config/ocserv-------------------------------------------
config ocserv 'config'
option port '4443'
option dpd '120'
option max_clients '8'
option max_same '2'
option netmask '255.255.255.0'
option ipaddr '10.100.3.0'
option auth 'plain'
option zone 'vpn'
option default_domain 'lan'
option compression '1'
option enable '1'
config dns
option ip '10.100.2.1'
config routes
option ip '10.100.2.0'
option netmask '255.255.255.0'
config ocservusers
option name 'test'
option password '$5$unl8uKAGNsdTh9zm$PnUHEGhDc5VHbFE2EfWwW38Bub6Y6EZ5hrFwZE1r2F1'
-----------------------------------------------------------------
This configuration also adds the user "test" with password "test". The
password is specified in the crypt(3) format.
The server can be enabled and started using:
# /etc/init.d/ocserv enable
# /etc/init.d/ocserv start
To simplify firewall configuration, you should setup an unmanaged interface
(e.g., called vpn), and will have assigned the 'vpns+' interfaces. Then a zone
called vpn should be setup to handle interactions with lan. An example
follows:
----/etc/config/network------------------------------------------
config interface 'vpn'
option proto 'none'
option ifname 'vpns+'
-----------------------------------------------------------------
----/etc/config/firewall-----------------------------------------
config zone
option input 'ACCEPT'
option forward 'REJECT'
option output 'ACCEPT'
option name 'vpn'
option device 'vpns+'
option network 'vpn'
config forwarding
option dest 'lan'
option src 'vpn'
config forwarding
option dest 'vpn'
option src 'lan'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp'
option dest_port '4443'
option name 'vpn'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'udp'
option dest_port '4443'
option name 'vpn'
-----------------------------------------------------------------
There is a luci plugin to allow configuring the server from
the web environment; see the package luci-app-ocserv.
Reference in a new issue View git blame Copy permalink