Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:services:vpn:openconnect:server [2023/03/15 12:55] – old revision restored (2023/03/14 23:50) vgaetera | docs:guide-user:services:vpn:openconnect:server [2023/03/25 10:46] – [2. Key management] vgaetera | ||
|---|---|---|---|
| Line 12: | Line 12: | ||
| ==== 1. Preparation ==== | ==== 1. Preparation ==== | ||
| Install the required packages. | Install the required packages. | ||
| - | Generate client [[docs: | ||
| Specify configuration parameters for VPN server. | Specify configuration parameters for VPN server. | ||
| Line 24: | Line 23: | ||
| VPN_POOL=" | VPN_POOL=" | ||
| VPN_DNS=" | VPN_DNS=" | ||
| - | VPN_HASH="$(cat ocpass.hash)" | + | VPN_USER="USERNAME" |
| + | VPN_PASS=" | ||
| </ | </ | ||
| - | ==== 2. Firewall ==== | + | ==== 2. Key management ==== |
| + | Generate password hash for VPN client. | ||
| + | |||
| + | <code bash> | ||
| + | # Generate password hash | ||
| + | ocpasswd ${VPN_USER} << EOI | ||
| + | ${VPN_PASS} | ||
| + | ${VPN_PASS} | ||
| + | EOI | ||
| + | VPN_HASH=" | ||
| + | </ | ||
| + | |||
| + | ==== 3. Firewall ==== | ||
| Consider VPN network as private. | Consider VPN network as private. | ||
| Assign VPN interface to LAN zone to minimize firewall setup. | Assign VPN interface to LAN zone to minimize firewall setup. | ||
| Line 49: | Line 61: | ||
| </ | </ | ||
| - | ==== 3. VPN service ==== | + | ==== 4. VPN service ==== |
| Configure VPN service. | Configure VPN service. | ||
| Line 65: | Line 77: | ||
| uci -q delete ocserv.@ocservusers[0] | uci -q delete ocserv.@ocservusers[0] | ||
| uci set ocserv.client=" | uci set ocserv.client=" | ||
| - | uci set ocserv.client.name=" | + | uci set ocserv.client.name=" |
| - | uci set ocserv.client.password=" | + | uci set ocserv.client.password=" |
| uci commit ocserv | uci commit ocserv | ||
| / | / | ||