AnyConnect搭建

安装

# Install the ocserv (OpenConnect, AnyConnect-compatible) server package.
# Needs root: run as root or prefix with sudo, as the later steps on this page do.
apt-get install ocserv

添加账号密码

# Create the password file (-c) and add the user "guest"; ocpasswd prompts for the password.
# This file backs the auth = "plain[/etc/ocserv/ocpasswd]" line in ocserv.conf, so keep it
# readable by root only and pick a real username/strong password instead of "guest".
ocpasswd -c /etc/ocserv/ocpasswd guest

生成证书

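# Install easy-rsa (these steps use the easy-rsa 2.x scripts: vars, build-ca, build-key-server).
# Note: "//" is not a shell comment; the step comments are written with "#" so the lines
# can be pasted into a shell as-is.
sudo apt-get install easy-rsa

cd /usr/share/easy-rsa

# Edit vars: set the easy-rsa directory and the keys output directory
sudo vim vars

# Load vars into the current shell so the build scripts see its settings
source ./vars

# Provide the OpenSSL config the scripts expect
sudo cp openssl-1.0.0.cnf openssl.cnf

# Build the CA (you are prompted for its subject fields). The CA key signs every
# server certificate: keep it readable by root only and do not copy it to the VPN host's
# serving directory.
./build-ca

# Build the server certificate; set its Common Name to the host name clients connect to
./build-key-server server

# NOTE: ca.crt, server.crt and server.key are written to the keys directory set in vars;
# copy them to the ca-cert / server-cert / server-key paths in ocserv.conf
# (/etc/ocserv/ssl/ in the reference config) and make server.key root-only —
# this guide does not show that copy step. If the keys directory is root-owned,
# the build-* scripts need the same privileges as the sudo steps above.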

编辑配置

# Edit the main server configuration; the reference values used on this page follow.
vim /etc/ocserv/ocserv.conf

参考配置,设置证书文件路径

# Password authentication against the file created with ocpasswd; no client-certificate
# check is configured in this setup
auth = "plain[/etc/ocserv/ocpasswd]"
listen-host-is-dyndns = true
# Listening ports; the iptables INPUT rules must allow the same ports
tcp-port = 11130
udp-port = 11130
# Privileges are dropped to this user/group after startup
run-as-user = nobody
run-as-group = daemon
socket-file = /var/run/ocserv-socket
# The easy-rsa output must be copied to these paths; keep server.key readable by root only
server-cert = /etc/ocserv/ssl/server.crt
server-key = /etc/ocserv/ssl/server.key
ca-cert =  /etc/ocserv/ssl/ca.crt
# false disables the seccomp isolation of worker processes; prefer true where the
# build supports it, so a compromised worker is contained
isolate-workers = false
max-clients = 16
# Concurrent sessions allowed per username
max-same-clients = 2
# NOTE(review): 360000 seconds is an unusually long keepalive interval — confirm it is intended
keepalive = 360000
# Dead-peer-detection intervals (seconds) for regular and mobile clients
dpd = 90
mobile-dpd = 1800
try-mtu-discovery = true
# OID of the certificate field used as the username; only relevant with certificate
# authentication, which the plain auth above does not use
cert-user-oid = 2.5.4.3
# Only SSLv3 is removed here; NORMAL with %COMPAT still accepts whatever older TLS
# versions the installed GnuTLS enables — tighten once client compatibility is confirmed
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"
# Seconds a client gets to complete authentication
auth-timeout = 240
# Minimum wait before a client may re-authenticate after a failure
min-reauth-time = 300
# Failed-authentication banning: score threshold and reset window (seconds)
max-ban-score = 50
ban-reset-time = 300
# How long (seconds) a disconnected session may be resumed with its cookie
cookie-timeout = 86400
# false lets a client keep its session after its source address changes
deny-roaming = false
rekey-time = 172800
rekey-method = ssl
# Enables the occtl control socket for administration
use-occtl = true
pid-file = /var/run/ocserv.pid
# Prefix of the tun devices created per client
device = vpns
# The same client gets the same address across sessions
predictable-ips = true
# Placeholder domain pushed to clients; replace with the real one
default-domain = example.com
# Client address pool; must match the -s 10.12.0.0/24 used in the iptables NAT/FORWARD rules
ipv4-network = 10.12.0.0
ipv4-netmask = 255.255.255.0
# Resolvers pushed to clients
dns = 8.8.8.8
dns = 8.8.4.4
#dns = 114.114.114.114
ping-leases = false
# This network is excluded from the tunnel and reached directly by the client
no-route = 192.168.1.0/255.255.255.0
# Compatibility with Cisco AnyConnect clients, including legacy DTLS negotiation
cisco-client-compat = true
dtls-legacy = true

设置防火墙

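# Open the ocserv listener (must match tcp-port / udp-port in ocserv.conf)
iptables -I INPUT -p tcp --dport 11130 -j ACCEPT
iptables -I INPUT -p udp --dport 11130 -j ACCEPT
# Undo commands for the two rules above. Run them only when you want to close the
# port again, not as part of setup: executed right after the -I lines they remove
# the rules just added and the server is unreachable.
#iptables -D INPUT -p tcp --dport 11130 -j ACCEPT
#iptables -D INPUT -p udp --dport 11130 -j ACCEPT

# NAT the client pool (must match ipv4-network / ipv4-netmask in ocserv.conf);
# replace eth0 with the real uplink interface name
iptables -t nat -A POSTROUTING -s 10.12.0.0/24 -o eth0 -j MASQUERADE
# Forward traffic from the pool, and replies back to it. The second rule only
# matters when the FORWARD chain policy is DROP; it admits nothing new inbound.
iptables -A FORWARD -s 10.12.0.0/24 -j ACCEPT
iptables -A FORWARD -d 10.12.0.0/24 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# iptables rules do not survive a reboot; save them with the distribution's
# persistence mechanism once they are verified.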

设置流量转发

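# Enable IP forwarding so packets move between the tun device and the uplink
# (without it the NAT/FORWARD rules above never see any traffic).
# "#" comments are used here because "//" is not a shell comment.
sudo vim /etc/sysctl.conf

# Uncomment (or add) this line in /etc/sysctl.conf
net.ipv4.ip_forward=1

# Apply the file without a reboot (needs root)
sysctl -p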
