Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:services:vpn:openconnect:extras [2023/10/29 01:00] – consolidate naming vgaeteradocs:guide-user:services:vpn:openconnect:extras [2024/10/16 20:06] – [Default gateway] andrewz
Line 16: Line 16:
  
 ==== Web interface ==== ==== Web interface ====
-If you want to manage VPN settings using web interface+If you want to manage VPN server settings using web interface:
-Install the necessary packages.+
  
 <code bash> <code bash>
Line 27: Line 26:
  
 Navigate to **LuCI -> VPN -> OpenConnect VPN** to configure OpenConnect server. Navigate to **LuCI -> VPN -> OpenConnect VPN** to configure OpenConnect server.
 +
 +If you want to configure VPN client using web interface:
  
 <code bash> <code bash>
Line 36: Line 37:
  
 Navigate to **LuCI -> Network -> Interfaces** to configure OpenConnect client. Navigate to **LuCI -> Network -> Interfaces** to configure OpenConnect client.
 +
 +==== Commercial provider ====
 +Fetch server certificate from remote VPN server.
 +Beware of possible MITM.
 +
 +<code bash>
 +openssl s_client -showcerts -connect ${VPN_SERV}:${VPN_PORT} \
 +< /dev/null > server-cert.pem
 +</code>
 +
  
 ==== Dynamic connection ==== ==== Dynamic connection ====
Line 41: Line 52:
  
 ==== Default gateway ==== ==== Default gateway ====
-If you do not need to route all traffic to VPN+Disable gateway redirection in the client if you don'need to route all traffic through VPN.
-Disable gateway redirection on VPN client.+
  
 <code bash> <code bash>
Line 92: Line 102:
 <code bash> <code bash>
 VPN_POOL6="fd00:9::/64" VPN_POOL6="fd00:9::/64"
-VPN_DNS6="${VPN_POOL6%/*}1"+VPN_DNS6="${VPN_POOL6%:*}:1"
 uci set ocserv.config.ip6addr="${VPN_POOL6}" uci set ocserv.config.ip6addr="${VPN_POOL6}"
 uci -q delete ocserv.dns6 uci -q delete ocserv.dns6
  • Last modified: 2024/10/17 17:30
  • by andrewz