LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4125 Commits
1 Branch
46 MiB
Tree: 197a2c210f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '197a2c210f'
${ noResults }
openwrt-packages-dist/net/ocserv/README

91 lines
2.6 KiB
Raw Normal View History

ocserv: Added README file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11 years ago
ocserv: more explicit documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years ago
ocserv: Added README file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11 years ago
ocserv: added info on setting up firewall Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
ocserv: Added README file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11 years ago
ocserv: added info on setting up firewall Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
ocserv: added default_domain config option Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
ocserv: update to 0.9.0 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
ocserv: Added README file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11 years ago
ocserv: added info on setting up firewall Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
ocserv: more explicit documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years ago
openconnect: corrected port descriptions in README Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years ago
ocserv: more explicit documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years ago
openconnect: corrected port descriptions in README Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years ago
ocserv: more explicit documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years ago
ocserv: added info on setting up firewall Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
ocserv: Added README file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11 years ago
ocserv/openconnect: updated documentation on the luci components Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11 years ago
 
  1. The openconnect server expects to be configured using the uci interface.
  2. 

  3. It is recommended to setup a dynamic DNS address with openwrt prior
  4. to starting the server. That is because during the first startup
  5. a certificate file which contain the setup dynamic DNS name will be
  6. created.
  7. 

  8. To setup a server the provides access to LAN with network address
  9. 10.100.2.0/255.255.255.0 using the VPN address range
  10. 10.100.3.0/255.255.255.0 add the following to /etc/config/ocserv:
  11. 

  12. ----/etc/config/ocserv-------------------------------------------
  13. config ocserv 'config'
  14. 	option port '4443'
  15. 	option dpd '120'
  16. 	option max_clients '8'
  17. 	option max_same '2'
  18. 	option netmask '255.255.255.0'
  19. 	option ipaddr '10.100.3.0'
  20. 	option auth 'plain'
  21. 	option zone 'vpn'
  22. 	option default_domain 'lan'
  23. 	option compression '1'
  24. 	option enable '1'
  25. 

  26. config dns
  27. 	option ip '10.100.2.1'
  28. 

  29. config routes
  30. 	option ip '10.100.2.0'
  31. 	option netmask '255.255.255.0'
  32. 

  33. config ocservusers
  34. 	option name 'test'
  35. 	option password '$5$unl8uKAGNsdTh9zm$PnUHEGhDc5VHbFE2EfWwW38Bub6Y6EZ5hrFwZE1r2F1'
  36. 

  37. -----------------------------------------------------------------
  38. 

  39. This configuration also adds the user "test" with password "test". The
  40. password is specified in the crypt(3) format.
  41. 

  42. The server can be enabled and started using:
  43. # /etc/init.d/ocserv enable
  44. # /etc/init.d/ocserv start
  45. 

  46. 

  47. To simplify firewall configuration, you should setup an unmanaged interface
  48. (e.g., called vpn), and will have assigned the 'vpns+' interfaces. Then a zone
  49. called vpn should be setup to handle interactions with lan. An example
  50. follows:
  51. ----/etc/config/network------------------------------------------
  52. config interface 'vpn'
  53.         option proto 'none'
  54.         option ifname 'vpns+'
  55. -----------------------------------------------------------------
  56. 

  57. ----/etc/config/firewall-----------------------------------------
  58. config zone
  59.         option input 'ACCEPT'
  60.         option forward 'REJECT'
  61.         option output 'ACCEPT'
  62.         option name 'vpn'
  63.         option device 'vpns+'
  64.         option network 'vpn'
  65. 

  66. config forwarding
  67.         option dest 'lan'
  68.         option src 'vpn'
  69. 

  70. config forwarding
  71.         option dest 'vpn'
  72.         option src 'lan'
  73. 

  74. config rule
  75.         option target 'ACCEPT'
  76.         option src 'wan'
  77.         option proto 'tcp'
  78.         option dest_port '4443'
  79.         option name 'vpn'
  80. 

  81. config rule
  82.         option target 'ACCEPT'
  83.         option src 'wan'
  84.         option proto 'udp'
  85.         option dest_port '4443'
  86.         option name 'vpn'
  87. -----------------------------------------------------------------
  88. 

  89. 

  90. There is a luci plugin to allow configuring the server from
  91. the web environment; see the package luci-app-ocserv.