You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

32 lines
1.3 KiB

  1. The openconnect client expects to be configured using the uci interface.
  2. To setup a VPN connection, add the following to /etc/config/network:
  3. config interface 'MYVPN'
  4. option proto 'openconnect'
  5. option interface 'wan'
  6. option server 'vpn.example.com'
  7. option port '4443'
  8. option username 'test'
  9. option password 'secret'
  10. option serverhash 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25'
  11. option token_mode 'rsa' # when built with stoken support
  12. option token_secret 'secret' # when built with stoken support
  13. option defaultroute '0'
  14. option authgroup 'DEFAULT'
  15. The additional files are also used:
  16. /etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate
  17. /etc/openconnect/user-key-vpn-MYVPN.pem: The user private key
  18. /etc/openconnect/ca-vpn-MYVPN.pem: The CA certificate (instead of serverhash)
  19. After these are setup you can initiate the VPN using "ifup MYVPN", and
  20. deinitialize it using ifdown. You may also use the luci web interface
  21. (Network -> Interfaces -> MYVPN Connect).
  22. Note that you need to configure the firewall to allow communication between
  23. the MYVPN interface and lan.
  24. There is a luci plugin to allow configuring an openconnect interface from
  25. the web environment; see the luci-proto-openconnect package.