| docs:guide-user:services:vpn:openconnect:client [2024/10/16 20:22] – [2. Key management] andrewz | docs:guide-user:services:vpn:openconnect:client [2024/10/17 17:46] – [2. Key management] andrewz |
|---|
| |
| ==== 2. Key management ==== | ==== 2. Key management ==== |
| Transfer server certificate to VPN client and generate certificate hash. | Run the code below directly on the VPN server if you can or [[docs:guide-user:services:vpn:openconnect:extras#server_certificate|fetch certificate]] from the server and generate the hash locally: |
| <code bash> | <code bash> |
| # Generate certificate hash | # Generate certificate hash |
| | openssl enc -base64)" | | openssl enc -base64)" |
| </code> | </code> |
| |
| [[docs:guide-user:services:vpn:openconnect:extras#server_certificate|Fetch certificate]] from the server if necessary. | |
| |
| Alternatively, run the client once without specifying ''serverhash'' in the configuration file or "VPN Server's certificate SHA1 hash" in Luci. Open the System Log and look for the following lines: | Alternatively, run the client once without specifying ''serverhash'' in the configuration file or "VPN Server's certificate SHA1 hash" in Luci. Open the System Log and look for the following lines: |
| See all available OpenConnect protocol options [[docs:guide-user:network:tunneling_interface_protocols#protocol_openconnect_openconnect_vpn|here]] and a sample configuration [[https://github.com/openwrt/packages/blob/master/net/openconnect/README|here]]. | See all available OpenConnect protocol options [[docs:guide-user:network:tunneling_interface_protocols#protocol_openconnect_openconnect_vpn|here]] and a sample configuration [[https://github.com/openwrt/packages/blob/master/net/openconnect/README|here]]. |
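Review bot: the new right-hand sentence under "2. Key management" treats fetching the certificate from the server as interchangeable with running the command on the server, but a hash generated from a certificate fetched over the network is only as trustworthy as that first connection. The same holds for the System Log alternative in the next paragraph. Suggest adding a sentence telling the reader to compare the locally generated value with one produced on the server itself before putting it in ''serverhash''. Separately, the visible end of the command base64-encodes its output while the LuCI field is labelled "SHA1 hash"; it would help to state which form the field accepts.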
| |
| Configure [[docs:guide-user:services:vpn:openconnect:extras#dynamic_connection|dynamic connection]] if necessary. | Disable [[docs:guide-user:services:vpn:openconnect:extras#gateway_redirection|gateway redirection]] and/or [[docs:guide-user:services:vpn:openconnect:extras#keep_existing_gateway|keep the existing gateway]] if necessary. |
| |
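Review bot: the right-hand line removes the pointer to dynamic connection without relocating it anywhere in the visible text, so readers who need it lose the link; keep it alongside the new sentence unless the removal is intentional. For the new wording, "Disable gateway redirection and/or keep the existing gateway if necessary" gives no hint of the consequence: with either option the default route stays on the regular uplink and only the VPN's own routes go through the tunnel. One clause saying so would let readers choose deliberately.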
| ===== Web-based configuration ===== | ===== Web-based configuration ===== |
| |
| Web-based configuration is available through [[:packages:pkgdata:luci-proto-openconnect]] package. | Web-based configuration is available through [[:packages:pkgdata:luci-proto-openconnect]] package. |
| | |
| | <code bash> |
| | # Install packages |
| | opkg update |
| | opkg install luci-proto-openconnect |
| | service rpcd restart |
| | </code> |
| | |
| | Navigate to **LuCI -> Network -> Interfaces** to configure OpenConnect client. |
| |
| Currently not all the options can be set through Luci, so manual changes in ''/etc/config/network'' might be needed. | Currently not all the options can be set through Luci, so manual changes in ''/etc/config/network'' might be needed. |
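Review bot: the added navigation line spells the interface "LuCI" while the unchanged text around it (this paragraph and the Key management one) uses "Luci"; pick one spelling across the page. In the added install block, ''service rpcd restart'' sits under the "# Install packages" comment with no explanation; a short comment on why the restart is needed after installing ''luci-proto-openconnect'' would make the step less opaque.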