packages

mirror of https://github.com/novatiq/packages.git synced 2026-06-22 21:30:27 +01:00

Files

T

Florian Fainelli 70c10c0a5e openconnect: allow specifying "os"

Some servers might be implementing ACLs based on the value specified by
openconnect for "os", allow that to be configured.

Signed-off-by: Florian Fainelli <florian@openwrt.org>

2015-04-04 12:31:49 -07:00

files

openconnect: allow specifying "os"

2015-04-04 12:31:49 -07:00

Config.in

openconnect: add an option to support stoken

2014-12-07 21:18:52 -08:00

Makefile

openconnect: upgraded to 7.05

2015-03-14 14:12:03 +01:00

README

openconnect: list the defaultroute option

2015-03-29 21:02:58 +02:00

README

The openconnect client expects to be configured using the uci interface.

To setup a VPN connection, add the following to /etc/config/network:

config interface 'MYVPN'
        option proto 'openconnect'
        option interface 'wan'
        option server 'vpn.example.com'
        option port '4443'
        option username 'test'
        option password 'secret'
        option serverhash 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25'
        option token_mode 'rsa' # when built with stoken support
        option token_secret 'secret' # when built with stoken support
	option defaultroute '0'
        option authgroup 'DEFAULT'

The additional files are also used:
/etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate
/etc/openconnect/user-key-vpn-MYVPN.pem: The user private key
/etc/openconnect/ca-vpn-MYVPN.pem: The CA certificate (instead of serverhash)

After these are setup you can initiate the VPN using "ifup MYVPN", and
deinitialize it using ifdown. You may also use the luci web interface
(Network -> Interfaces -> MYVPN Connect).

Note that you need to configure the firewall to allow communication between
the MYVPN interface and lan.


There is a luci plugin to allow configuring an openconnect interface from
the web environment; see the luci-proto-openconnect package.