
ocserv-docker

Create a Docker-based ocserv (OpenConnect VPN) server.

Server side configuration

  1. This assumes you are running as root.

  2. Install the Docker service on your Linux server.

See https://docs.docker.com/engine/installation/linux/

  3. Download the source code. This is necessary because the source repo contains admin tools under tools/ that run on the host machine.

    Install git first if it is not already installed:

    #debian based:
    apt install git
    #redhat based:
    yum install git

    Then clone the repository:

    cd ~; git clone https://github.com/mahxd/ocserv-docker.git

  4. Change the current working directory to "ocserv-docker":

    cd ocserv-docker

  5. Generate the root CA certificate if you don't have one:

    #debian based:
    apt install gnutls-bin
    
    #redhat based:
    yum install gnutls-utils
    
    chmod +x tools/*
    
    tools/create-root-certificates
    

    This creates the root certificate under etc/certs/.

  6. Generate the server certificate for this VPN server (pass the IP address clients will use to reach it):

    tools/create-server-certificates <Enter your VPN server IP address>

  7. Customize the configuration in etc/ocserv.conf.

  8. Open the VPN ports in your OS firewall, e.g. firewalld (firewall-cmd, Red Hat based) or ufw (Debian based). Skip this step if you do not run a host firewall.

    #debian based
    ufw allow 443
    
    #redhat based
    firewall-cmd --add-port=443/tcp --permanent 
    firewall-cmd --add-port=443/udp --permanent
    firewall-cmd --reload
    firewall-cmd --state
    
    Or configure iptables directly (the rules below allow SSH, port 443 and ICMP echo requests and drop all other inbound traffic; not recommended for casual users). Rules are matched in order, so the ACCEPT rules are added before the INPUT policy is switched to DROP:
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT  
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    iptables -A INPUT -p udp --dport 443 -j ACCEPT
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    

    These rules are not persistent across reboots unless you save them with your distribution's iptables persistence mechanism. After applying them, restart the Docker service so that it re-creates its own iptables chains:

    systemctl restart docker

    For more on iptables configuration, see https://www.vultr.com/docs/setup-iptables-firewall-on-centos-6

  9. Start the ocserv server with docker compose (recommended):

    docker compose pull
    
    docker compose up -d
    
    docker compose ps
    

    Or with a plain docker command:

    docker run -d --privileged -v "$(pwd)/etc:/etc/ocserv" -p 443:443/tcp -p 443:443/udp seanzhong/ocserv-docker

    Note that --privileged gives the container nearly unrestricted access to the host. ocserv itself only needs to create a tun device, so on an internet-facing host check whether the image also runs with just the NET_ADMIN capability and the /dev/net/tun device before settling for privileged mode.

  10. Check that the service is running: docker logs <docker container id>

    The container id can be found with docker ps.

  11. Check that port 443 is listening on both TCP and UDP: netstat -nap | grep 443

  12. All done.
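The step above that customizes etc/ocserv.conf gives no guidance on which directives matter on an internet-facing endpoint. The following Python script is an added example, not code from this repository or from ocserv: it parses ocserv's `key = value` format (comments, quoted values, repeated keys such as route) and flags the settings that most often ship permissive, using two configs constructed for the example (a permissive one and a hardened counterpart). The certificate paths and the numeric thresholds in them are assumptions, not the image's actual layout or mandated values.

```python
"""Lint an ocserv.conf for the settings that matter most on a public VPN endpoint.

Added example for the ocserv-docker README; not part of the project.
"""
from collections import defaultdict

# Constructed sample (not the repo's etc/ocserv.conf): a permissive starting point.
# Paths are assumptions for the example.
WEAK_CONF = """\
auth = "plain[passwd=/etc/ocserv/ocpasswd]"
tcp-port = 443
udp-port = 443
run-as-user = root
run-as-group = root
server-cert = /etc/ocserv/certs/server-cert.pem
server-key = /etc/ocserv/certs/server-key.pem
ca-cert = /etc/ocserv/certs/ca.pem
isolate-workers = false
max-same-clients = 0
max-ban-score = 0
tls-priorities = "NORMAL"
route = 10.0.0.0/8
route = 192.168.0.0/16
"""

# Constructed hardened counterpart of the same config.
HARDENED_CONF = """\
auth = "plain[passwd=/etc/ocserv/ocpasswd]"
tcp-port = 443
udp-port = 443
run-as-user = nobody
run-as-group = daemon
server-cert = /etc/ocserv/certs/server-cert.pem
server-key = /etc/ocserv/certs/server-key.pem
ca-cert = /etc/ocserv/certs/ca.pem
isolate-workers = true
max-same-clients = 2
max-ban-score = 80
ban-reset-time = 1200
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-ARCFOUR-128"
"""

REQUIRED = ("auth", "server-cert", "server-key", "ca-cert", "tcp-port")

# GnuTLS priority keywords ocserv's tls-priorities is expected to carry.
TLS_TOKENS = (
    ("%SERVER_PRECEDENCE", "server does not choose the cipher suite"),
    ("-VERS-SSL3.0", "SSLv3 not explicitly disabled"),
    ("-VERS-TLS1.0", "TLS 1.0 not explicitly disabled"),
    ("-VERS-TLS1.1", "TLS 1.1 not explicitly disabled"),
)


def parse_ocserv_conf(text):
    """Return {key: [values]}; ocserv lets some keys (route, dns, ...) repeat."""
    conf = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (values here never contain '#')
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank, [vhost:...] header, or not a key = value line
        key, value = (part.strip() for part in line.split("=", 1))
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # strip the optional double quotes
        conf[key].append(value)
    return dict(conf)


def _last(conf, key, default):
    """ocserv takes the last occurrence of a single-valued key."""
    return conf[key][-1] if key in conf else default


def _int_or_none(value):
    try:
        return int(value)
    except ValueError:
        return None


def lint_ocserv_conf(text):
    """Return a list of human-readable findings; an empty list means nothing was flagged."""
    conf = parse_ocserv_conf(text)
    findings = [f"missing required setting: {k}" for k in REQUIRED if k not in conf]
    if _last(conf, "run-as-user", "root") == "root":
        findings.append("run-as-user is root: worker processes should drop privileges")
    if _last(conf, "isolate-workers", "false").lower() != "true":
        findings.append("isolate-workers is not true: seccomp isolation of workers is off")
    same = _int_or_none(_last(conf, "max-same-clients", "0"))
    if same is None or same < 1:
        findings.append("max-same-clients is unset/0: one credential can open unlimited sessions")
    ban = _int_or_none(_last(conf, "max-ban-score", "0"))
    if ban is None or ban < 1:
        findings.append("max-ban-score is unset/0: failed-login banning is disabled")
    tokens = _last(conf, "tls-priorities", "").split(":")
    for token, why in TLS_TOKENS:
        if token not in tokens:
            findings.append(f"tls-priorities lacks {token}: {why}")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        result = lint_ocserv_conf(text)
        print(f"{name}: {len(result)} finding(s)")
        for finding in result:
            print("  -", finding)
```

Run it against the real file with lint_ocserv_conf(open("etc/ocserv.conf").read()) once the file has been customized. The thresholds are policy choices for your deployment; the TLS checks look at the GnuTLS priority-string keywords that ocserv's tls-priorities directive uses, so a distribution that already disables old TLS versions in its NORMAL profile may legitimately omit the explicit -VERS- tokens.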

Client side configuration

  1. Create a user

This adds a user entry to etc/ocpasswd and saves the password to username.password under etc/user/. That file holds the password itself, so restrict its permissions and remove it once it has been handed to the user.

tools/create-user user_name password

NOTE: Adjust etc/certs/client.template to meet your needs.

  2. Install Cisco AnyConnect or OpenConnect and connect to the VPN

Android:
	https://play.google.com/store/apps/details?id=com.github.digitalsoftwaresolutions.openconnect&hl=en&gl=US
	https://play.google.com/store/apps/details?id=com.cisco.anyconnect.vpn.android.avf&hl=en&gl=US

iOS:	https://apps.apple.com/de/app/cisco-anyconnect/id1135064690

Windows:	https://github.com/openconnect/openconnect-gui/releases/download/v1.5.3/openconnect-gui-1.5.3-win32.exe
	https://openconnect.github.io/openconnect-gui/
	OR AnyConnect (third-party mirror, not Cisco's own download site):
	http://www.hostwaydcs.com/CISCO/AnyConnect/anyconnect-win-4.10.05095-predeploy-k9.zip

Linux (Ubuntu):	sudo apt install openconnect network-manager-openconnect network-manager-openconnect-gnome
		>> create a new VPN connection in Network Manager
		>> type: Cisco AnyConnect
		>> enter the gateway address
		>> add, then connect

	OR command line:
	sudo openconnect server-address:port
	with the password supplied on stdin (the password also lands in your shell history; prefer the interactive prompt when you can):
	echo your-password | sudo openconnect --passwd-on-stdin server-address:port -u your-username
	with the --pfs option (refuse to connect unless the server offers perfect forward secrecy):
	echo your-password | sudo openconnect --pfs --passwd-on-stdin server-address:port -u your-username

	OR AnyConnect (third-party mirror, not Cisco's own download site):
	http://www.hostwaydcs.com/CISCO/AnyConnect/anyconnect-linux64-4.10.05095-predeploy-deb-k9.tar.gz
	http://www.hostwaydcs.com/CISCO/AnyConnect/anyconnect-linux64-4.10.05095-predeploy-k9.tar.gz

macOS:	http://www.hostwaydcs.com/CISCO/AnyConnect/anyconnect-macos-4.9.04043-predeploy-k9.dmg

  3. Enter the VPN server IP and make the connection.

  4. Done.

More notes:

Upstream docs:

https://github.com/wppurking/ocserv-docker

and

https://github.com/clockfly/ocserv-docker
