|
|
@ -0,0 +1,30 @@ |
|
|
|
The openconnect client expects to be configured using the uci interface. |
|
|
|
|
|
|
|
To setup a VPN connection, add the following to /etc/config/network: |
|
|
|
|
|
|
|
config interface 'MYVPN' |
|
|
|
option _orig_ifname 'vpnc' |
|
|
|
option _orig_bridge 'false' |
|
|
|
option proto 'openconnect' |
|
|
|
option server 'vpn.example.com' |
|
|
|
option port '4443' |
|
|
|
option username 'test' |
|
|
|
option password 'secret' |
|
|
|
option serverhash 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25' |
|
|
|
|
|
|
|
The additional files are also used: |
|
|
|
/etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate |
|
|
|
/etc/openconnect/user-key-vpn-MYVPN.pem: The user private key |
|
|
|
/etc/openconnect/ca-cert-vpn-MYVPN.pem: The CA certificate (instead of serverhash) |
|
|
|
|
|
|
|
After these are setup you can initiate the VPN using "ifup MYVPN", and |
|
|
|
deinitialize it using ifdown. You may also use the luci web interface |
|
|
|
(Network -> Interfaces -> AVPN Connect). |
|
|
|
|
|
|
|
Note that you need to configure the firewall to allow communication between |
|
|
|
the MYVPN interface and lan. |
|
|
|
|
|
|
|
|
|
|
|
There is a luci plugin to allow configuring an openconnect interface from |
|
|
|
the web environment, available as patch over luci at |
|
|
|
https://github.com/nmav/luci-openconnect/tree/openconnect |
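Review bot: The config example puts the VPN password in clear text in /etc/config/network (`option password 'secret'`), and the file list names a private key at /etc/openconnect/user-key-vpn-MYVPN.pem, but the README says nothing about who may read either file. Please add a sentence telling users to keep both readable by root only, and state whether username/password may be omitted when the user certificate and key are present. The `serverhash` line also needs a word on what it is and how to obtain it: the sample value is 40 hex digits, which looks like a SHA-1 fingerprint of the server certificate, and the text should say so explicitly and make clear that ca-cert-vpn-MYVPN.pem is the alternative, since pinning the wrong value or skipping both leaves the server unauthenticated. The firewall paragraph ("allow communication between the MYVPN interface and lan") would be more useful with the zone and forwarding it expects, so readers do not open more than the lan-to-VPN path. Smaller points: `_orig_ifname` and `_orig_bridge` look like leftovers from a LuCI-generated config and should be dropped from a hand-written example unless the protocol handler reads them; "The additional files are also used" reads better as "The following additional files are also used"; "setup" as a verb should be "set up"; and "AVPN Connect" in the LuCI menu path should be checked against the actual label.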