LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27337 Commits
1 Branch
46 MiB
Branch: lilik-openwrt-22.03
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'lilik-openwrt-22.03'
${ noResults }
openwrt-packages-dist/net/openconnect/README

61 lines
1.9 KiB
Raw Permalink Normal View History

openconnect: Added README file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: unify indentation in README Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years ago
openconnect: list the defaultroute option Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years ago
openconnect: unify indentation in README Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years ago
openconnect: Allow to set `usergroup` option in OpenConnect Just adding the extra option `-g|--usergroup <group>` (required by the VPN server I'm currently using) Signed-off-by: Marco Gulino <marco@gulinux.net>
4 years ago
openconnect: Added README file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: updated documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years ago
openconnect: unify indentation in README Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years ago
openconnect: updated documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years ago
openconnect: unify indentation in README Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years ago
openconnect: updated documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years ago
openconnect: support reading password from script "token_mode" add support for "script", which execute "token_script" to get the password. Some token is not supported by OpenConnect natively, e.g. "MobilePass" or "Softoken II" used in Cisco VPN Signed-off-by: Gavin Ni <gisngy@gmail.com> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years ago
openconnect: allow specify --protocol from config openconnect v8.10 supports 4 VPN protocols --protocol=anyconnect Compatible with Cisco AnyConnect SSL VPN, as well as ocserv (default) --protocol=nc Compatible with Juniper Network Connect --protocol=gp Compatible with Palo Alto Networks (PAN) GlobalProtect SSL VPN --protocol=pulse Compatible with Pulse Connect Secure SSL VPN This patch allows user to specify protocol use the new "vpn_protocol" option and deprecate the old option "juniper" which seems to be missing in the current openconnect client. Signed-off-by: Mengyang Li <mayli.he@gmail.com>
4 years ago
openconnect: add options to support juniper Signed-off-by: Vladimir Berezhnoy <non7top@gmail.com>
7 years ago
openconnect: allow specifying form_entry list Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
5 years ago
openconnect: Added README file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
Revert "openconnect: move certificate files to config/ to add graceful upgrade" This reverts commit b53e5bfe875d673fc8a57a4766d7af6fc1b3e074.
10 years ago
openconnect: Added README file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: corrected instructions Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: Added README file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
openconnect: update README Signed-off-by: Gottfried Haider <gottfried.haider@gmail.com>
10 years ago
 
  1. The openconnect client expects to be configured using the uci interface.
  2. 

  3. To setup a VPN connection, add the following to /etc/config/network:
  4. 

  5. config interface 'MYVPN'
  6. 	option proto 'openconnect'
  7. 	option interface 'wan'
  8. 	option server 'vpn.example.com'
  9. 	option port '4443'
  10. 	option username 'test'
  11. 	option password 'secret'
  12. 	option serverhash 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25'
  13. 	option defaultroute '0'
  14. 	option authgroup 'DEFAULT'
  15. 	# usergroup option, if required by some servers
  16. 	# option usergroup 'USERGROUP'
  17. 

  18. 	# For second factor auth:
  19. 

  20. 	# when a fixed 2FA password can be used
  21. 	#option password2 'my-fixed-2fa-password'
  22. 

  23. 	# RSA tokens, must be built with stoken support
  24. 	#option token_mode 'rsa'
  25. 	#option token_secret 'secret'
  26. 

  27. 	# HOTP/TOTP tokens
  28. 	#option token_mode 'hotp'
  29. 	#option token_secret '00'
  30. 

  31. 	# tokens from script
  32. 	#option token_mode 'script'
  33. 	#option token_script '/lib/custom/getocpass.sh'
  34. 

  35. 	# For non-anyconnect vpn protocols
  36. 	# Cisco AnyConnect (default)
  37. 	#option vpn_protocol 'anyconnect'
  38. 	# Juniper Network Connect
  39. 	#option vpn_protocol 'nc'
  40. 	# Palo Alto Networks GlobalProtect
  41. 	#option vpn_protocol 'gp'
  42. 	# Pulse Connect Secure
  43. 	#option vpn_protocol 'pulse'
  44. 

  45. 	# Authentication form responses
  46. 	#list form_entry FORM:OPT=VAL
  47. 

  48. The additional files are also used:
  49. /etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate
  50. /etc/openconnect/user-key-vpn-MYVPN.pem: The user private key
  51. /etc/openconnect/ca-vpn-MYVPN.pem: The CA certificate (instead of serverhash)
  52. 

  53. After these are setup you can initiate the VPN using "ifup MYVPN", and
  54. deinitialize it using ifdown. You may also use the luci web interface
  55. (Network -> Interfaces -> MYVPN Connect).
  56. 

  57. Note that you need to configure the firewall to allow communication between
  58. the MYVPN interface and lan.
  59. 

  60. There is a luci plugin to allow configuring an openconnect interface from
  61. the web environment; see the luci-proto-openconnect package.