Differences
| docs:guide-user:services:vpn:openconnect:server [2020/11/28 10:39] – [3. VPN service] update vgaetera | docs:guide-user:services:vpn:openconnect:server [2023/03/25 10:46] – [2. Key management] vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== OpenConnect server ====== | + | ====== OpenConnect server ====== |
| - | {{section> | + | {{section> |
| ===== Introduction ===== | ===== Introduction ===== | ||
| Line 9: | Line 9: | ||
| {{section> | {{section> | ||
| - | ===== Instructions | + | ===== Command-line instructions |
| ==== 1. Preparation ==== | ==== 1. Preparation ==== | ||
| - | Set up [[docs: | + | Install the required |
| - | Install the packages and specify the VPN server | + | Specify configuration parameters for VPN server. |
| - | Fetch client [[docs: | + | |
| <code bash> | <code bash> | ||
| Line 21: | Line 20: | ||
| # Configuration parameters | # Configuration parameters | ||
| - | OC_PORT=" | + | VPN_PORT=" |
| - | OC_POOL=" | + | VPN_POOL=" |
| - | OC_DNS="${OC_POOL%.* *}.1" | + | VPN_DNS="${VPN_POOL%.* *}.1" |
| - | OC_USER=" | + | VPN_USER=" |
| - | OC_HPASS="PASSWORD_HASH" | + | VPN_PASS="PASSWORD" |
| </ | </ | ||
| - | ==== 2. Firewall ==== | + | ==== 2. Key management ==== |
| - | Consider VPN network as private | + | Generate password hash for VPN client. |
| + | |||
| + | <code bash> | ||
| + | # Generate password hash | ||
| + | ocpasswd ${VPN_USER} << EOI | ||
| + | ${VPN_PASS} | ||
| + | ${VPN_PASS} | ||
| + | EOI | ||
| + | VPN_HASH=" | ||
| + | </ | ||
| + | |||
| + | ==== 3. Firewall ==== | ||
| + | Consider VPN network as private. | ||
| + | Assign | ||
| Allow access to VPN server from WAN zone. | Allow access to VPN server from WAN zone. | ||
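Review bot: the new flow puts the clear-text password into `VPN_PASS="PASSWORD"` and feeds it to `ocpasswd` through a heredoc (the value appears twice because `ocpasswd` asks for the password and then for its confirmation), whereas the old `OC_HPASS="PASSWORD_HASH"` only ever handled the precomputed hash. Since these commands are meant to be pasted into an interactive shell, the clear-text value ends up in the shell history and stays set for the rest of the session; the section should tell the reader to add `unset VPN_PASS` once `VPN_HASH` has been read back. The `VPN_HASH="` assignment is cut off in this view, so where the hash is read from cannot be checked here.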
| Line 49: | Line 61: | ||
| </ | </ | ||
| - | ==== 3. VPN service ==== | + | ==== 4. VPN service ==== |
| Configure VPN service. | Configure VPN service. | ||
| Line 56: | Line 68: | ||
| uci -q delete ocserv.config.enable | uci -q delete ocserv.config.enable | ||
| uci -q delete ocserv.config.zone | uci -q delete ocserv.config.zone | ||
| - | while uci -q delete ocserv.@dns[0]; | + | uci set ocserv.config.port=" |
| - | while uci -q delete ocserv.@routes[0]; | + | uci set ocserv.config.ipaddr=" |
| - | while uci -q delete ocserv.@ocservusers[0]; | + | uci set ocserv.config.netmask=" |
| - | uci set ocserv.config.port=" | + | uci -q delete ocserv.@routes[0] |
| - | uci set ocserv.config.ipaddr=" | + | uci -q delete ocserv.@dns[0] |
| - | uci set ocserv.config.netmask=" | + | |
| uci set ocserv.dns=" | uci set ocserv.dns=" | ||
| - | uci set ocserv.dns.ip=" | + | uci set ocserv.dns.ip=" |
| + | uci -q delete ocserv.@ocservusers[0] | ||
| uci set ocserv.client=" | uci set ocserv.client=" | ||
| - | uci set ocserv.client.name=" | + | uci set ocserv.client.name=" |
| - | uci set ocserv.client.password=" | + | uci set ocserv.client.password=" |
| uci commit ocserv | uci commit ocserv | ||
| / | / | ||
| Line 87: | Line 99: | ||
| pgrep -f -a ocserv | pgrep -f -a ocserv | ||
| ip address show; ip route show table all | ip address show; ip route show table all | ||
| - | ip rule show; ip -6 rule show; iptables-save; | + | ip rule show; ip -6 rule show; nft list ruleset |
| # Persistent configuration | # Persistent configuration | ||
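Review bot: swapping `iptables-save;` for `nft list ruleset` matches the fw4/nftables firewall of current OpenWrt releases, but the surrounding text does not say which release the page targets; on a build that still runs firewall3 the `nft` binary is not installed by default and this diagnostic line produces nothing useful, so either name the minimum release the page assumes or keep the iptables-based command as the alternative for older builds.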