Messages - Vort3x.Layers

#1
Hi mimugmail,
There is no opnsense.
#2
Please take a look at these links:
openconnect / ocserv
openconnect / ocserv Installation - CentOS, RHEL, Fedora
I have CentOS 7.6 as the server, with a public IP.
On the client machine I have Windows 7 with wireless internet.
I ran these commands to install openconnect on the server machine:

   
    sudo yum -y install gnutls-devel libev-devel tcp_wrappers-devel pam-devel lz4-devel libseccomp-devel readline-devel libnl3-devel krb5-devel radcli-devel
    sudo yum -y install epel-release
    sudo yum repolist enabled
    sudo yum info ocserv
    sudo yum -y install ocserv
    sudo ocpasswd -c /etc/ocserv/ocpasswd test
    # 123 typed as the password at the ocpasswd prompt
    nano -K /etc/ocserv/ocserv.conf


And here is the ocserv.conf file:

   
    auth = "plain[passwd=/etc/ocserv/ocpasswd]"
   
    tcp-port = 8090
    udp-port = 8090
   
    run-as-user = ocserv
    run-as-group = ocserv
   
    socket-file = ocserv.sock
   
    chroot-dir = /var/lib/ocserv
   
    isolate-workers = true
   
    max-clients = 5
   
    max-same-clients = 1
   
    keepalive = 32400
   
    dpd = 90
   
    mobile-dpd = 1800
   
    switch-to-tcp-timeout = 25
   
    try-mtu-discovery = true
   
    server-cert = /etc/pki/ocserv/public/server.crt
    server-key = /etc/pki/ocserv/private/server.key
   
    ca-cert = /etc/pki/ocserv/cacerts/ca.crt
   
    cert-user-oid = 0.9.2342.19200300.100.1.1
   
    tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"
   
    auth-timeout = 240
   
    min-reauth-time = 300
   
    max-ban-score = 50
   
    ban-reset-time = 300
   
    cookie-timeout = 300
   
    deny-roaming = false
   
    rekey-time = 172800
   
    rekey-method = ssl
   
    use-occtl = true
   
    pid-file = /var/run/ocserv.pid
   
    device = vpns
   
    predictable-ips = true
   
    default-domain = example.com
   
    ipv4-network = 192.168.102.0
    ipv4-netmask = 255.255.255.0
   
    dns = 8.8.8.8
    dns = 8.8.4.4
   
    ping-leases = false
   
    cisco-client-compat = true
   
    dtls-legacy = true
   
    user-profile = profile.xml
   
    # Routes to be forwarded to the client. If you need the
    # client to forward routes to the server, you may use the
    # config-per-user/group or even connect and disconnect scripts.
    #
    # To set the server as the default gateway for the client just
    # comment out all routes from the server, or use the special keyword
    # 'default'.
   
    #route = 10.10.10.0/255.255.255.0
    #route = 192.168.0.0/255.255.0.0
    #route = fef4:db8:1000:1001::/64


After editing ocserv.conf I ran these commands:


    sudo systemctl start ocserv
    sudo systemctl enable ocserv
    sudo systemctl status ocserv

Now I downloaded the GUI software from here on the client machine.
The client machine can connect to openconnect with username test successfully.
But the problem is that I cannot open any web page on the client machine and it seems there is NO INTERNET.
What should I do on the server machine to fix this problem?
P.S.
The firewall is off on both server and client.
I did nothing about routing or forwarding.
I am not familiar with them.

1-routing
Can you explain the #route = parts in the ocserv.conf file? Should I create line(s) for that (them) or not?
2-ip forwarding
Also, can you explain IP forwarding > net.ipv4.ip_forward = 1
3-network adapter
I have one network adapter on the server machine. How many network adapters are needed for an openconnect VPN? 1 or 2?

Also, I found this link about my situation, but it did not satisfy me.

MY GOAL FROM THIS VPN SERVER IS: LET MY CLIENT BYPASS INTERNET CENSORSHIP (FILTERING)
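
The three points raised at the end of the post (active `route` lines, `net.ipv4.ip_forward`, and a single adapter carrying the VPN subnet) can be checked from the config itself. The script below is an added example, not part of the original post or of ocserv; the function names and the `IFACE` placeholder are hypothetical, and it assumes the private VPN subnet has to be source-NATed out of the server's one public interface.

```shell
# Added example: audit an ocserv.conf for what a full-tunnel client needs from the server.

# Print each value of an active (uncommented) KEY in FILE, one per line.
conf_get() {
    awk -v k="$1" '
        /^[ \t]*#/ || !/=/ { next }
        {
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) print val
        }' "$2"
}

# Dotted netmask -> prefix length (counts set bits; assumes a contiguous mask).
mask_to_prefix() {
    echo "$1" | awk -F. '{
        for (i = 1; i <= 4; i++) for (o = $i + 0; o > 0; o = int(o / 2)) n += o % 2
        print n + 0
    }'
}

# "full" when no route line is active or route = default (the rule stated in
# the comment block of the posted config), otherwise "split".
tunnel_mode() {
    routes=$(conf_get route "$1")
    if [ -z "$routes" ] || echo "$routes" | grep -qx default; then echo full; else echo split; fi
}

vpn_subnet() { echo "$(conf_get ipv4-network "$1")/$(mask_to_prefix "$(conf_get ipv4-netmask "$1")")"; }

# audit FILE [IP_FORWARD]; IP_FORWARD defaults to the running kernel's value.
audit() {
    fwd=${2:-$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo unknown)}
    echo "mode=$(tunnel_mode "$1") subnet=$(vpn_subnet "$1") ip_forward=$fwd"
    [ "$(tunnel_mode "$1")" = full ] || return 0
    [ "$fwd" = 1 ] || echo "FIX: sysctl -w net.ipv4.ip_forward=1"
    # IFACE is a placeholder for the server's public interface (assumption).
    echo "NEED: iptables -t nat -A POSTROUTING -s $(vpn_subnet "$1") -o IFACE -j MASQUERADE"
}

# Demo on an excerpt of the posted config; ip_forward=0 is a constructed value.
f=$(mktemp)
printf '%s\n' 'ipv4-network = 192.168.102.0' 'ipv4-netmask = 255.255.255.0' \
    '#route = 10.10.10.0/255.255.255.0' 'dns = 8.8.8.8' > "$f"
audit "$f" 0
rm -f "$f"
```

On the server, `audit /etc/ocserv/ocserv.conf` with no second argument reads the live forwarding setting instead of the constructed value.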