- The openconnect client expects to be configured using the uci interface.
-
- To setup a VPN connection, add the following to /etc/config/network:
-
- config interface 'MYVPN'
- option proto 'openconnect'
- option interface 'wan'
- option server 'vpn.example.com'
- option port '4443'
- option username 'test'
- option password 'secret'
- option serverhash 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25'
- option token_mode 'rsa' # when built with stoken support
- option token_secret 'secret' # when built with stoken support
- option defaultroute '0'
- option authgroup 'DEFAULT'
-
- The additional files are also used:
- /etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate
- /etc/openconnect/user-key-vpn-MYVPN.pem: The user private key
- /etc/openconnect/ca-vpn-MYVPN.pem: The CA certificate (instead of serverhash)
-
- After these are setup you can initiate the VPN using "ifup MYVPN", and
- deinitialize it using ifdown. You may also use the luci web interface
- (Network -> Interfaces -> MYVPN Connect).
-
- Note that you need to configure the firewall to allow communication between
- the MYVPN interface and lan.
-
-
- There is a luci plugin to allow configuring an openconnect interface from
- the web environment; see the luci-proto-openconnect package.
|