The openconnect server expects to be configured using the uci interface.
To setup a server the provides access to LAN with network address
10.100.2.0/255.255.255.0 using the VPN address range
10.100.3.0/255.255.255.0 add the following to /etc/config/ocserv:
----/etc/config/ocserv-------------------------------------------
config ocserv 'config'
option port '4443'
option dpd '120'
option max_clients '8'
option max_same '2'
option netmask '255.255.255.0'
option ipaddr '10.100.3.0'
option auth 'plain'
option zone 'vpn'
option default_domain 'lan'
option compression '1'
option enable '1'
config dns
option ip '10.100.2.1'
config routes
option ip '10.100.2.0'
option netmask '255.255.255.0'
config ocservusers
option name 'test'
option password '$5$unl8uKAGNsdTh9zm$PnUHEGhDc5VHbFE2EfWwW38Bub6Y6EZ5hrFwZE1r2F1'
-----------------------------------------------------------------
This configuration also adds the user "test" with password "test". The
password is specified in the crypt(3) format.
The server can be enabled and started using:
# /etc/init.d/ocserv enable
# /etc/init.d/ocserv start
To simplify firewall configuration, you should setup an unmanaged interface
(e.g., called vpn), and will have assigned the 'vpns+' interfaces. Then a zone
called vpn should be setup to handle interactions with lan. An example
follows:
----/etc/config/network------------------------------------------
config interface 'vpn'
option proto 'none'
option ifname 'vpns+'
-----------------------------------------------------------------
----/etc/config/firewall-----------------------------------------
config zone
option input 'ACCEPT'
option forward 'REJECT'
option output 'ACCEPT'
option name 'vpn'
option device 'vpns+'
option network 'vpn'
config forwarding
option dest 'lan'
option src 'vpn'
config forwarding
option dest 'vpn'
option src 'lan'
-----------------------------------------------------------------
There is a luci plugin to allow configuring the server from
the web environment; see the package luci-app-ocserv.