packages

History

John Crispin d4042ec35e generic userid: use the new USERID api recent changes in trunk allow us to specify the userid inside the openwrt makefile. the info is stored int he meta data of the IPK contorl file and users are generated by the new generic postinst trigger. Signed-off-by: John Crispin <blogic@openwrt.org>		2014-10-08 03:45:30 +02:00
..
files	generic userid: use the new USERID api	2014-10-08 03:45:30 +02:00
Config.in	ocserv: use the system's protocol buffers by default	2014-08-27 18:09:04 +02:00
Makefile	generic userid: use the new USERID api	2014-10-08 03:45:30 +02:00
README	ocserv/openconnect: updated documentation on the luci components	2014-06-18 21:32:05 +02:00

README

The openconnect server expects to be configured using the uci interface.

To setup a server the provides access to LAN with network address
10.100.2.0/255.255.255.0 using the VPN address range
10.100.3.0/255.255.255.0 add the following to /etc/config/ocserv:

-----------------------------------------------------------------
config ocserv 'config'
	option port '4443'
	option dpd '120'
	option max_clients '8'
	option max_same '2'
	option netmask '255.255.255.0'
	option ipaddr '10.100.3.0'
	option auth 'plain'
	option zone 'lan'
	option fwport '4443'
	option enable '1'

config dns
	option ip '10.100.2.1'

config routes
	option ip '10.100.2.0'
	option netmask '255.255.255.0'

config ocservusers
	option name 'test'
	option password '$5$unl8uKAGNsdTh9zm$PnUHEGhDc5VHbFE2EfWwW38Bub6Y6EZ5hrFwZE1r2F1'

-----------------------------------------------------------------

This configuration also adds the user "test" with password "test". The
password is specified in the crypt(3) format.

The server can be enabled and started using:
# /etc/init.d/ocserv enable
# /etc/init.d/ocserv start



There is a luci plugin to allow configuring the server from
the web environment; see the package luci-app-ocserv.