The OpenConnect VPN server (ocserv) is an open source Linux SSL VPN
server designed for organizations that require a remote access VPN with
enterprise user management and control. It follows the openconnect
protocol and is the counterpart of the openconnect VPN client. It is
also compatible with Cisco's AnyConnect SSL VPN.

The OpenConnect VPN is less vulnerable to detection than OpenVPN, IPsec,
and WireGuard because it looks like a normal HTTPS connection (if UDP is
not used).

The program consists of:

  1. ocserv, the main server application.
  2. occtl, the server's control tool, which allows one to query the
     server for information.
  3. ocpasswd, a tool to administer simple password files.

A user and group "ocserv" must exist prior to running this script.
To create them run as root:

  groupadd -g 382 ocserv
  useradd -u 382 -g 382 -s /sbin/nologin -M ocserv
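
To confirm the account came out as intended (IDs of 382, no login shell,
and no other account already holding 382), a check like the one below can
be run. It is an added example, not part of the ocserv package or this
build script; the function name and the "--live" argument are its own.

```sh
#!/bin/sh
# Added example: preflight check for the ocserv service account.
# Works on any passwd/group-format files, so it can be tested on fixtures.

OCSERV_ID=382   # UID and GID used by the groupadd/useradd commands above

# check_ocserv_account PASSWD_FILE GROUP_FILE
# Prints one finding per line and returns 1 if anything is wrong.
check_ocserv_account() {
    passwd_file=$1
    group_file=$2
    findings=$(
        awk -F: -v id="$OCSERV_ID" '
            $1 == "ocserv" { seen = 1
                if ($3 != id) print "group ocserv has GID " $3 ", expected " id }
            $1 != "ocserv" && $3 == id {
                print "GID " id " is already used by group " $1 }
            END { if (!seen) print "group ocserv is missing" }
        ' "$group_file"
        awk -F: -v id="$OCSERV_ID" '
            $1 == "ocserv" { seen = 1
                if ($3 != id) print "user ocserv has UID " $3 ", expected " id
                if ($4 != id) print "user ocserv has primary GID " $4 ", expected " id
                if ($7 != "/sbin/nologin") print "user ocserv has login shell " $7 }
            $1 != "ocserv" && $3 == id {
                print "UID " id " is already used by user " $1 }
            END { if (!seen) print "user ocserv is missing" }
        ' "$passwd_file"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# "--live" is this example's own argument: check the running system.
if [ "${1:-}" = "--live" ]; then
    check_ocserv_account /etc/passwd /etc/group
fi
```
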

In order to start ocserv at boot and stop it properly at shutdown,
make sure rc.local and rc.local_shutdown contain the following lines:

  /etc/rc.d/rc.local
  ==================
  # Start ocserv
  if [ -x /etc/rc.d/rc.ocserv ]; then
    /etc/rc.d/rc.ocserv start
  fi

  /etc/rc.d/rc.local_shutdown
  ===========================
  # Stop ocserv
  if [ -x /etc/rc.d/rc.ocserv ]; then
    /etc/rc.d/rc.ocserv stop
  fi