You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

61 lines
1.9 KiB

  1. The openconnect client expects to be configured using the uci interface.
  2. To setup a VPN connection, add the following to /etc/config/network:
  3. config interface 'MYVPN'
  4. option proto 'openconnect'
  5. option interface 'wan'
  6. option server 'vpn.example.com'
  7. option port '4443'
  8. option username 'test'
  9. option password 'secret'
  10. option serverhash 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25'
  11. option defaultroute '0'
  12. option authgroup 'DEFAULT'
  13. # usergroup option, if required by some servers
  14. # option usergroup 'USERGROUP'
  15. # For second factor auth:
  16. # when a fixed 2FA password can be used
  17. #option password2 'my-fixed-2fa-password'
  18. # RSA tokens, must be built with stoken support
  19. #option token_mode 'rsa'
  20. #option token_secret 'secret'
  21. # HOTP/TOTP tokens
  22. #option token_mode 'hotp'
  23. #option token_secret '00'
  24. # tokens from script
  25. #option token_mode 'script'
  26. #option token_script '/lib/custom/getocpass.sh'
  27. # For non-anyconnect vpn protocols
  28. # Cisco AnyConnect (default)
  29. #option vpn_protocol 'anyconnect'
  30. # Juniper Network Connect
  31. #option vpn_protocol 'nc'
  32. # Palo Alto Networks GlobalProtect
  33. #option vpn_protocol 'gp'
  34. # Pulse Connect Secure
  35. #option vpn_protocol 'pulse'
  36. # Authentication form responses
  37. #list form_entry FORM:OPT=VAL
  38. The additional files are also used:
  39. /etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate
  40. /etc/openconnect/user-key-vpn-MYVPN.pem: The user private key
  41. /etc/openconnect/ca-vpn-MYVPN.pem: The CA certificate (instead of serverhash)
  42. After these are setup you can initiate the VPN using "ifup MYVPN", and
  43. deinitialize it using ifdown. You may also use the luci web interface
  44. (Network -> Interfaces -> MYVPN Connect).
  45. Note that you need to configure the firewall to allow communication between
  46. the MYVPN interface and lan.
  47. There is a luci plugin to allow configuring an openconnect interface from
  48. the web environment; see the luci-proto-openconnect package.