OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: Vort3x.Layers on February 20, 2019, 10:15:47 pm

Title: OpenConnect (ocserv) Connected on client side, But NO INTERNET
Post by: Vort3x.Layers on February 20, 2019, 10:15:47 pm
Please take a look at these links:
openconnect / ocserv (https://github.com/openconnect/ocserv)
openconnect / ocserv Installation - CentOS, RHEL, Fedora (https://ocserv.gitlab.io/www/recipes-ocserv-installation-CentOS-RHEL-Fedora.html)
I have CentOS 7.6 as the server, with a public IP.
Also, on the client machine I have Windows 7 with wireless internet.
I followed these commands to install OpenConnect on the server machine:

Code:
    # development headers (only needed when building ocserv from source; the EPEL package below does not need them)
    sudo yum -y install gnutls-devel libev-devel tcp_wrappers-devel pam-devel lz4-devel libseccomp-devel readline-devel libnl3-devel krb5-devel radcli-devel
    sudo yum -y install epel-release
    sudo yum repolist enabled
    sudo yum info ocserv
    sudo yum -y install ocserv
    # create the password file with user "test"; ocpasswd prompts for the password interactively
    sudo ocpasswd -c /etc/ocserv/ocpasswd test
    123    # <- the password typed at ocpasswd's prompt, not a command
    # the config file is root-owned, so edit it with sudo
    sudo nano -K /etc/ocserv/ocserv.conf

And here is the ocserv.conf file:

Code:
    auth = "plain[passwd=/etc/ocserv/ocpasswd]"
   
    tcp-port = 8090
    udp-port = 8090
   
    run-as-user = ocserv
    run-as-group = ocserv
   
    socket-file = ocserv.sock
   
    chroot-dir = /var/lib/ocserv
   
    isolate-workers = true
   
    max-clients = 5
   
    max-same-clients = 1
   
    keepalive = 32400
   
    dpd = 90
   
    mobile-dpd = 1800
   
    switch-to-tcp-timeout = 25
   
    try-mtu-discovery = true
   
    server-cert = /etc/pki/ocserv/public/server.crt
    server-key = /etc/pki/ocserv/private/server.key
   
    ca-cert = /etc/pki/ocserv/cacerts/ca.crt
   
    cert-user-oid = 0.9.2342.19200300.100.1.1
   
    tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"
   
    auth-timeout = 240
   
    min-reauth-time = 300
   
    max-ban-score = 50
   
    ban-reset-time = 300
   
    cookie-timeout = 300
   
    deny-roaming = false
   
    rekey-time = 172800
   
    rekey-method = ssl
   
    use-occtl = true
   
    pid-file = /var/run/ocserv.pid
   
    device = vpns
   
    predictable-ips = true
   
    default-domain = example.com
   
    ipv4-network = 192.168.102.0
    ipv4-netmask = 255.255.255.0
   
    dns = 8.8.8.8
    dns = 8.8.4.4
   
    ping-leases = false
   
    cisco-client-compat = true
   
    dtls-legacy = true
   
    user-profile = profile.xml
   
    # Routes to be forwarded to the client. If you need the
    # client to forward routes to the server, you may use the
    # config-per-user/group or even connect and disconnect scripts.
    #
    # To set the server as the default gateway for the client just
    # comment out all routes from the server, or use the special keyword
    # 'default'.
   
    #route = 10.10.10.0/255.255.255.0
    #route = 192.168.0.0/255.255.0.0
    #route = fef4:db8:1000:1001::/64

After editing ocserv.conf, I ran these commands:

Code:
    sudo systemctl start ocserv
    sudo systemctl enable ocserv
    sudo systemctl status ocserv
Now I downloaded the GUI software from here (https://github.com/openconnect/openconnect-gui) on the client machine.
The client machine can connect to OpenConnect with username test successfully.
But the problem is that I cannot open any web page on the client machine; it seems there is NO INTERNET.
What should I do on the server machine to fix this problem?
----
P.S.
Firewall is off on both server & client.
I did nothing about routing or forwarding.
I am not familiar with them.

1 - routing
Can you explain the #route = parts in the ocserv.conf file? Should I create line(s) for that or not?
2 - IP forwarding
Also, can you explain IP forwarding?
Code:
    net.ipv4.ip_forward = 1
3 - network adapter
I have one network adapter on the server machine. How many network adapter(s) are needed for an OpenConnect VPN? 1 or 2?

Also, I found this link (https://serverfault.com/questions/851035/connected-to-openvpn-but-no-internet-connection) about my situation, but it is not satisfying.

MY GOAL FOR THIS VPN SERVER IS: LET MY CLIENT BYPASS INTERNET CENSORSHIP (FILTERING)
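Added example (editor's code, not part of the thread and not something the poster ran): a POSIX shell script for the server side that covers the three P.S. questions. The client gets an address from the pool but the server neither forwards its packets nor rewrites their source address, so nothing comes back; fixing that needs `net.ipv4.ip_forward = 1` plus a FORWARD/MASQUERADE rule set, and one NIC is enough because the VPN side is the `vpnsN` tunnel device. No `route =` line is needed for a full tunnel: the comment in the posted ocserv.conf already says that leaving every `route` commented out makes the server the client's default gateway. It assumes the pool `192.168.102.0/24` and `device = vpns` from the posted config, a CentOS 7 host with iproute2 and iptables, firewalld off as stated, and that the public NIC is the one carrying the default route; the function and file names are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread: server-side forwarding + NAT so that a
# connected ocserv client can reach the internet through the server.
# Assumed (from the posted ocserv.conf): pool 192.168.102.0/24 and
# device = vpns (ocserv creates vpns0, vpns1, ...). Assumed environment:
# CentOS 7 with iproute2 and iptables, firewalld off, a single NIC holding
# the default route. Function and file names are illustrative.

VPN_NET="${VPN_NET:-192.168.102.0/24}"   # ipv4-network/ipv4-netmask in ocserv.conf
SYSCTL_FILE="/etc/sysctl.d/99-ocserv-forward.conf"

# Pull the interface name out of one `ip -4 route show default` line, e.g.
# "default via 203.0.113.1 dev eth0 proto static metric 100" -> "eth0".
# Prints nothing if the line has no "dev" field.
wan_iface_from_route() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Same, against the live routing table. One NIC is enough: the VPN side is
# the vpnsN tun device, the public side is the NIC carrying the default route.
detect_wan_iface() {
    wan_iface_from_route "$(ip -4 route show default 2>/dev/null | head -n 1)"
}

# The rules the kernel needs once ip_forward is on. Source is restricted to
# VPN_NET so the server only relays its own clients, the return path is
# limited to established flows, and MASQUERADE rewrites 192.168.102.x to the
# server's public address. (The "route" lines in ocserv.conf are unrelated:
# leaving them all commented out makes ocserv push a default route.)
forwarding_rules() {   # $1 = public interface name
    cat <<EOF
iptables -A FORWARD -i vpns+ -o $1 -s $VPN_NET -j ACCEPT
iptables -A FORWARD -i $1 -o vpns+ -d $VPN_NET -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s $VPN_NET -o $1 -j MASQUERADE
EOF
}

# Turn on forwarding now and persistently, then load the rules (needs root).
apply_forwarding() {
    wan="$(detect_wan_iface)"
    [ -n "$wan" ] || { echo "no default route found" >&2; return 1; }
    printf 'net.ipv4.ip_forward = 1\n' > "$SYSCTL_FILE"
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    forwarding_rules "$wan" | sh -e
}

# Quick check of the two things that must both be true for clients to get out.
check_forwarding() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = "1" ] &&
        iptables -t nat -S POSTROUTING 2>/dev/null | grep -q -- "-s $VPN_NET .* -j MASQUERADE"
}

case "${1:-}" in
    show)  forwarding_rules "$(detect_wan_iface)" ;;   # print the rules without applying them
    apply) apply_forwarding ;;
    check) check_forwarding && echo "ip_forward=1 and MASQUERADE rule present" ;;
esac
```

Run `sh ocserv-nat.sh show` first to see what would be loaded, then `sudo sh ocserv-nat.sh apply` and `sudo sh ocserv-nat.sh check`. Plain iptables rules do not survive a reboot on CentOS 7 unless `iptables-services` is installed and `service iptables save` is run; if firewalld is turned back on later, the equivalent is `firewall-cmd --permanent --add-masquerade` plus opening tcp/udp 8090, since ocserv listens on that port in the posted config.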
Title: Re: OpenConnect (ocserv) Connected on client side, But NO INTERNET
Post by: mimugmail on February 21, 2019, 05:26:12 am
Where is the OPNsense?
Title: Re: OpenConnect (ocserv) Connected on client side, But NO INTERNET
Post by: Vort3x.Layers on February 21, 2019, 11:36:17 am
Hi mimugmail,
There is no OPNsense.
Title: Re: OpenConnect (ocserv) Connected on client side, But NO INTERNET
Post by: franco on February 21, 2019, 12:22:46 pm
 :o