Environment
System: CentOS 7.8
Preparation
- Install the YUM extension repository
# yum install epel-release
- Enable IP forwarding
# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
# sysctl -p
Installation and configuration
- Install ocserv
# yum install ocserv
- Configure ocserv
# cd /etc/ocserv/
# cp ocserv.conf ocserv.conf.org
# vim ocserv.conf
auth = "plain[passwd=/etc/ocserv/ocpasswd]"
#auth = "certificate"  # switch to this line when using certificate authentication
tcp-port = 443
#udp-port = 443
max-clients = 128
max-same-clients = 4
try-mtu-discovery = true
server-cert = /data/ssl/server-cert.pem
server-key = /data/ssl/server-key.pem
ca-cert = /data/ssl/ca-cert.pem
cert-user-oid = 2.5.4.3
ipv4-network = 172.16.1.0/24
dns = 192.168.0.10
route = 10.1.0.0/16
- Add a client account
# ocpasswd -c /etc/ocserv/ocpasswd vpnuser
Enter password: yourpass
Re-enter password: yourpass
- Configure the firewall
  - iptables
# iptables -I INPUT -p tcp --dport 443 -j ACCEPT
# iptables -I INPUT -p udp --dport 443 -j ACCEPT
# iptables -t nat -A POSTROUTING -j MASQUERADE
# /etc/rc.d/init.d/iptables save
  - firewalld
# firewall-cmd --add-port=443/tcp --permanent
# firewall-cmd --add-port=443/udp --permanent
# firewall-cmd --add-masquerade --permanent
# firewall-cmd --reload
Start
- Start ocserv
# systemctl enable ocserv
# systemctl restart ocserv
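
A pre-restart audit of the configuration written above, as an added example that is not part of the original page: it checks that every file ocserv.conf references exists, that the password file and TLS private key are not accessible to group/other, and flags a commented-out udp-port (treated here as TCP-only operation). The function names and the temporary sample directory are assumptions made for the demo.

```bash
#!/bin/sh
# Added example (not from the original page): audit ocserv.conf before a restart.

# conf_get KEY FILE: print the values of uncommented "KEY = value" lines.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$2"
}

# loose_perms PATH: succeed if group or other has any permission on PATH.
loose_perms() { [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; }

# audit_ocserv FILE: print one FINDING line per problem; fail if any was found.
audit_ocserv() {
    conf=$1; n=0
    note() { echo "FINDING: $*"; n=$((n + 1)); }
    pw=$(conf_get auth "$conf" | sed -n 's/.*plain\[passwd=\([^],]*\).*/\1/p')
    key=$(conf_get server-key "$conf")
    for f in $pw $key $(conf_get server-cert "$conf") $(conf_get ca-cert "$conf"); do
        [ -f "$f" ] || note "$f is referenced but missing"
    done
    for f in $pw $key; do   # secrets: password hashes and the TLS private key
        if [ -f "$f" ] && loose_perms "$f"; then note "$f is accessible to group/other"; fi
    done
    [ -n "$(conf_get udp-port "$conf")" ] ||
        note "udp-port is unset (TCP only): the 443/udp firewall rule is not needed"
    [ "$n" -eq 0 ]
}

# make_sample DIR: constructed config mirroring the settings above, with every
# path relocated under DIR (assumption) so the demo touches no real files.
make_sample() {
    cat > "$1/ocserv.conf" <<EOF
auth = "plain[passwd=$1/ocpasswd]"
#auth = "certificate"
tcp-port = 443
#udp-port = 443
server-cert = $1/server-cert.pem
server-key = $1/server-key.pem
ca-cert = $1/ca-cert.pem
ipv4-network = 172.16.1.0/24
EOF
    for f in ocpasswd server-cert.pem server-key.pem; do : > "$1/$f"; done
    chmod 600 "$1/ocpasswd"; chmod 644 "$1/server-key.pem"   # ca-cert.pem left out
}

tmp=$(mktemp -d); make_sample "$tmp"
audit_ocserv "$tmp/ocserv.conf" || echo "resolve the findings, then restart ocserv"
rm -rf "$tmp"
```

On a real server, call `audit_ocserv /etc/ocserv/ocserv.conf` as root instead of the sample.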