Differences

docs:guide-user:services:vpn:openconnect:server [2022/10/27 18:33] – [Troubleshooting] OpenWrt 22.03 update vgaetera
docs:guide-user:services:vpn:openconnect:server [2023/03/25 10:46] – [2. Key management] vgaetera
Line 1: Line 1:
 ====== OpenConnect server ====== ====== OpenConnect server ======
-{{section>meta:infobox:howto_links#cli_skills&noheader&nofooter&noeditbutton}}+{{section>meta:infobox:howto_links#basic_skills&noheader&nofooter&noeditbutton}}
  
 ===== Introduction ===== ===== Introduction =====
Line 12: Line 12:
 ==== 1. Preparation ==== ==== 1. Preparation ====
 Install the required packages. Install the required packages.
-Specify the VPN server configuration parameters+Specify configuration parameters for VPN server.
-Generate client [[docs:guide-user:services:vpn:openconnect:extras#password_hash|password hash]].+
  
 <code bash> <code bash>
Line 21: Line 20:
  
 # Configuration parameters # Configuration parameters
-OC_PORT="4443" +VPN_PORT="4443" 
-OC_POOL="192.168.7.0 255.255.255.0" +VPN_POOL="192.168.7.0 255.255.255.0" 
-OC_DNS="${OC_POOL%.* *}.1" +VPN_DNS="${VPN_POOL%.* *}.1" 
-OC_USER="USERNAME" +VPN_USER="USERNAME" 
-OC_HASH="PASSWORD_HASH"+VPN_PASS="PASSWORD"
 </code> </code>
  
-==== 2. Firewall ====+==== 2. Key management ==== 
 +Generate password hash for VPN client. 
 + 
 +<code bash> 
 +# Generate password hash 
 +ocpasswd ${VPN_USER} << EOI 
 +${VPN_PASS} 
 +${VPN_PASS} 
 +EOI 
 +VPN_HASH="$(sed -n -e "/^${VPN_USER}:.*:/s///p" /etc/ocserv/ocpasswd)" 
 +</code> 
 + 
 +==== 3. Firewall ====
 Consider VPN network as private. Consider VPN network as private.
 Assign VPN interface to LAN zone to minimize firewall setup. Assign VPN interface to LAN zone to minimize firewall setup.
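Review bot: in the new `2. Key management` block the heredoc delimiter `EOI` is unquoted, so a real password containing `$`, a backtick or a backslash is expanded by the shell before `ocpasswd` sees it; since `${VPN_PASS}` itself must be expanded, quoting the delimiter is not an option, so either state that the password must avoid those characters or read it interactively (`read -r -s VPN_PASS`) instead of assigning it with `VPN_PASS="PASSWORD"`, which also keeps the cleartext password out of the shell's command history. The `sed` extraction assumes each `/etc/ocserv/ocpasswd` line is `user:group:hash` with no further colon inside the hash, which holds for the crypt-style hashes `ocpasswd` writes, but nothing checks that a line was matched, so `VPN_HASH` is silently empty if `ocpasswd` failed; consider `[ -n "${VPN_HASH}" ] || exit 1` right after the assignment.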
Line 50: Line 61:
 </code> </code>
  
-==== 3. VPN service ====+==== 4. VPN service ====
 Configure VPN service. Configure VPN service.
  
Line 57: Line 68:
 uci -q delete ocserv.config.enable uci -q delete ocserv.config.enable
 uci -q delete ocserv.config.zone uci -q delete ocserv.config.zone
-uci set ocserv.config.port="${OC_PORT}" +uci set ocserv.config.port="${VPN_PORT}" 
-uci set ocserv.config.ipaddr="${OC_POOL% *}" +uci set ocserv.config.ipaddr="${VPN_POOL% *}" 
-uci set ocserv.config.netmask="${OC_POOL#* }"+uci set ocserv.config.netmask="${VPN_POOL#* }"
 uci -q delete ocserv.@routes[0] uci -q delete ocserv.@routes[0]
 uci -q delete ocserv.@dns[0] uci -q delete ocserv.@dns[0]
 uci set ocserv.dns="dns" uci set ocserv.dns="dns"
-uci set ocserv.dns.ip="${OC_DNS}"+uci set ocserv.dns.ip="${VPN_DNS}"
 uci -q delete ocserv.@ocservusers[0] uci -q delete ocserv.@ocservusers[0]
 uci set ocserv.client="ocservusers" uci set ocserv.client="ocservusers"
-uci set ocserv.client.name="${OC_USER}" +uci set ocserv.client.name="${VPN_USER}" 
-uci set ocserv.client.password="${OC_HASH}"+uci set ocserv.client.password="${VPN_HASH}"
 uci commit ocserv uci commit ocserv
 /etc/init.d/ocserv restart /etc/init.d/ocserv restart
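Review bot: `uci set ocserv.client.password="${VPN_HASH}"` stores whatever the earlier `sed` produced, so if the hash lookup failed the committed config carries an empty password field and `ocserv` is restarted with it; guard the value before `uci commit ocserv`, e.g. `[ -n "${VPN_HASH}" ] || { echo "no hash for ${VPN_USER}"; exit 1; }`. The remaining lines of this hunk are a consistent rename of `OC_*` to `VPN_*` and match the variables defined in `1. Preparation`.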
  • Last modified: 2024/10/17 17:27
  • by andrewz