LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4151 Commits
1 Branch
46 MiB
Tree: 25eeddbb21
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '25eeddbb21'
${ noResults }
openwrt-packages-dist/net/ocserv/README

90 lines
2.6 KiB
Raw Normal View History

ocserv: Added README file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11 years ago
ocserv: more explicit documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years ago
ocserv: Added README file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11 years ago
ocserv: added info on setting up firewall Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
ocserv: Added README file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11 years ago
ocserv: added default_domain config option Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
ocserv: update to 0.9.0 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
ocserv: Added README file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11 years ago
ocserv: added info on setting up firewall Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
ocserv: removed unecessary instructions and script Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years ago
ocserv: added info on setting up firewall Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
ocserv: more explicit documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years ago
openconnect: corrected port descriptions in README Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years ago
ocserv: more explicit documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years ago
openconnect: corrected port descriptions in README Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years ago
ocserv: more explicit documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9 years ago
ocserv: added info on setting up firewall Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10 years ago
ocserv: Added README file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11 years ago
ocserv/openconnect: updated documentation on the luci components Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11 years ago
 
  1. The openconnect server expects to be configured using the uci interface.
  2. 

  3. It is recommended to setup a dynamic DNS address with openwrt prior
  4. to starting the server. That is because during the first startup
  5. a certificate file which contain the setup dynamic DNS name will be
  6. created.
  7. 

  8. To setup a server the provides access to LAN with network address
  9. 10.100.2.0/255.255.255.0 using the VPN address range
  10. 10.100.3.0/255.255.255.0 add the following to /etc/config/ocserv:
  11. 

  12. ----/etc/config/ocserv-------------------------------------------
  13. config ocserv 'config'
  14. 	option port '4443'
  15. 	option dpd '120'
  16. 	option max_clients '8'
  17. 	option max_same '2'
  18. 	option netmask '255.255.255.0'
  19. 	option ipaddr '10.100.3.0'
  20. 	option auth 'plain'
  21. 	option default_domain 'lan'
  22. 	option compression '1'
  23. 	option enable '1'
  24. 

  25. config dns
  26. 	option ip '10.100.2.1'
  27. 

  28. config routes
  29. 	option ip '10.100.2.0'
  30. 	option netmask '255.255.255.0'
  31. 

  32. config ocservusers
  33. 	option name 'test'
  34. 	option password '$5$unl8uKAGNsdTh9zm$PnUHEGhDc5VHbFE2EfWwW38Bub6Y6EZ5hrFwZE1r2F1'
  35. 

  36. -----------------------------------------------------------------
  37. 

  38. This configuration also adds the user "test" with password "test". The
  39. password is specified in the crypt(3) format.
  40. 

  41. The server can be enabled and started using:
  42. # /etc/init.d/ocserv enable
  43. # /etc/init.d/ocserv start
  44. 

  45. 

  46. To simplify firewall configuration, you should setup an unmanaged interface
  47. (e.g., called vpn), and will have assigned the 'vpns+' interfaces. Then a zone
  48. called vpn should be setup to handle interactions with lan. An example
  49. follows:
  50. ----/etc/config/network------------------------------------------
  51. config interface 'vpn'
  52.         option proto 'none'
  53.         option ifname 'vpns+'
  54. -----------------------------------------------------------------
  55. 

  56. ----/etc/config/firewall-----------------------------------------
  57. config zone
  58.         option input 'ACCEPT'
  59.         option forward 'ACCEPT'
  60.         option output 'ACCEPT'
  61.         option name 'vpn'
  62.         option device 'vpns+'
  63.         option network 'vpn'
  64. 

  65. config forwarding
  66.         option dest 'lan'
  67.         option src 'vpn'
  68. 

  69. config forwarding
  70.         option dest 'vpn'
  71.         option src 'lan'
  72. 

  73. config rule
  74.         option target 'ACCEPT'
  75.         option src 'wan'
  76.         option proto 'tcp'
  77.         option dest_port '4443'
  78.         option name 'vpn'
  79. 

  80. config rule
  81.         option target 'ACCEPT'
  82.         option src 'wan'
  83.         option proto 'udp'
  84.         option dest_port '4443'
  85.         option name 'vpn'
  86. -----------------------------------------------------------------
  87. 

  88. 

  89. There is a luci plugin to allow configuring the server from
  90. the web environment; see the package luci-app-ocserv.