40 lines
1.3 KiB
Plaintext
40 lines
1.3 KiB
Plaintext
The OpenConnect VPN server (ocserv) is an open source Linux SSL VPN
|
|
server designed for organizations that require a remote access VPN with
|
|
enterprise user management and control. It follows the openconnect
|
|
protocol and is the counterpart of the openconnect VPN client. It is
|
|
also compatible with CISCO's AnyConnect SSL VPN.
|
|
|
|
The OpenConnect VPN is less vulnerable to detection than OpenVPN, IPSec,
|
|
and WireGuard because it looks like a normal https connection (if udp is
|
|
not used).
|
|
|
|
The program consists of:
|
|
|
|
1. ocserv, the main server application
|
|
2. occtl, the server's control tool. A tool which allows one to query
|
|
the server for information.
|
|
3. ocpasswd, a tool to administer simple password files.
|
|
|
|
A user and group "ocserv" must exist prior to running this script.
|
|
To create them run as root:
|
|
groupadd -g 382 ocserv
|
|
useradd -u 382 -g 382 -s /sbin/nologin -M ocserv
|
|
|
|
|
|
In order to start ocserv at boot and stop it properly at shutdown,
|
|
make sure rc.local and rc.local_shutdown contain the following lines:
|
|
|
|
/etc/rc.d/rc.local
|
|
==================
|
|
# Start ocserv
|
|
if [ -x /etc/rc.d/rc.ocserv ]; then
|
|
/etc/rc.d/rc.ocserv start
|
|
fi
|
|
|
|
/etc/rc.d/rc.local_shutdown
|
|
===========================
|
|
# Stop ocserv
|
|
if [ -x /etc/rc.d/rc.ocserv ]; then
|
|
/etc/rc.d/rc.ocserv stop
|
|
fi
|