Cisco AnyConnect - OpenConnect Client
Even Cisco AnyConnect is an option ;-)
https://www.linuxbabe.com/vpn/openconnect-vpn-server-ocserv-ubuntu-24-04
https://www.linuxbabe.com/ubuntu/openconnect-vpn-server-ocserv-ubuntu-20-04-lets-encrypt
Names for this Clone
- ocserv
- OpenConnect VPN Server
- OpenConnect VPN Client (the VPN client, not the ocserv server, has experimental support for many VPN servers such as Fortinet, Palo Alto etc. - https://en.wikipedia.org/wiki/OpenConnect)
Information
https://ocserv.openconnect-vpn.net
https://ocserv.openconnect-vpn.net/ocserv.8.html
OpenConnect Server VPN Client Options
- https://gui.openconnect-vpn.net/download/ - definitely working! (Native Client)
- Windows VPN App Cisco AnyConnect is working well (License information)
- iOS App CiscoAnyConnect/SecureClient is working as well - stable?
- Windows Cisco AnyConnect Version 4 is working well - License?
- Windows Cisco Secure Client is NOT working (Version 5)
- Open ToDos: Using client certificates? Perhaps instead of passwords?
Docker Options
https://github.com/Ramtiiin/ocserv
Setup ...
https://www.linuxbabe.com/vpn/openconnect-vpn-server-ocserv-ubuntu-24-04
vpn.gueldenpfennig.info = 45.89.127.31
sudo apt install openconnect
sudo openconnect -b vpn.gueldenpfennig.info
The following line will not work right now, as no certificate is installed ... wait for Let's Encrypt later on ;-)
sudo apt install ocserv
vi /etc/dnsmasq.conf <<< NOW! (I no longer know why ...)
Uncomment this line:
conf-dir=/etc/dnsmasq.d
systemctl status ocserv
systemctl restart ocserv
systemctl start ocserv
Install Let’s Encrypt Client (Certbot)
https://www.linuxbabe.com/ubuntu/openconnect-vpn-server-ocserv-ubuntu-20-04-lets-encrypt
sudo apt install certbot
certbot --version
=> certbot 2.9.0
Obtain SSL Cert via Let’s Encrypt - currently valid until 2025-10-15
(Port 80 on this server needs to be available for the certbot!!!)
sudo certbot certonly --standalone --preferred-challenges http --agree-tos --email volker "at" gueldeXXnpfennig.info -d vpn.gueldenpfennig.info
(manual update of the certificate can be done at any time ... if you do it too often, they will deny new certificates ...)
=> Log at: /var/log/letsencrypt/letsencrypt.log
Account registered.
Requesting a certificate for vpn.gueldenpfennig.info
=>
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/vpn.gueldenpfennig.info/fullchain.pem
Key is saved at: /etc/letsencrypt/live/vpn.gueldenpfennig.info/privkey.pem
This certificate expires on 2025-05-30.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Edit VPN Server Config
vi /etc/ocserv/ocserv.conf
### This is default ...
### https://manpages.ubuntu.com/manpages/xenial/man8/ocpasswd.8.html
### ocpasswd -c /etc/ocserv/passwd my_username <<<< pwd will be asked via keyboard ...
auth = "plain[passwd=/etc/ocserv/passwd]"
# ... leave it in ... Volker new
udp-port = 443
server-cert = /etc/letsencrypt/live/vpn.gueldenpfennig.info/fullchain.pem
server-key = /etc/letsencrypt/live/vpn.gueldenpfennig.info/privkey.pem
max-clients = 256
max-same-clients = 0
keepalive = 30
try-mtu-discovery = true
default-domain = vpn.gueldenpfennig.info
# this is the DNS Server for the clients ... (18.7.25: this is still current ...)
dns = 8.8.8.8
#route = 10.0.0.0/8
#route = 172.16.0.0/12
#route = 192.168.0.0/16
### (=> with all route lines commented out, all client traffic is routed through the VPN, i.e. 0.0.0.0/0)
# This is the network for the clients ...
ipv4-network = 192.168.244.0
ipv4-netmask = 255.255.255.0
Add a user for the OpenConnect / Cisco VPN (Plain Text)
ocpasswd -c /etc/ocserv/passwd <my_username> ### pwd will be asked via keyboard ...
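An added example, not part of the original notes or of ocserv itself: a small shell audit that reads an ocserv.conf like the one above and reports the active auth method, whether the commented-out route lines result in a full tunnel, and whether the configured server certificate is missing or close to expiry. The function names and the sample config are constructed for illustration.

```shell
# Added example (not from the original page): summarise what an ocserv.conf
# actually enforces. Function names and the sample file are constructed.
# conf_values FILE KEY: print each active (uncommented) value of KEY.
conf_values() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                    # commented-out settings do not count
        {
            eq = index($0, "=")                # split on the FIRST "=" only, so
            if (eq == 0) next                  # auth = "plain[passwd=...]" stays whole
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# tunnel_mode FILE: "full" when no route is active (or route = default), else "split".
tunnel_mode() {
    routes=$(conf_values "$1" route)
    if [ -z "$routes" ] || printf '%s\n' "$routes" | grep -qx default
    then echo full; else echo split; fi
}

# auth_methods FILE: method names only, e.g. "plain" or "certificate".
auth_methods() {
    conf_values "$1" auth | tr -d '"' | sed 's/\[.*//'
}

# cert_status FILE DAYS: missing / ok / expiring (also if not parseable as a cert).
cert_status() {
    cert=$(conf_values "$1" server-cert)
    [ -r "$cert" ] || { echo missing; return; }
    openssl x509 -checkend $(( $2 * 86400 )) -noout -in "$cert" >/dev/null 2>&1 \
        && echo ok || echo expiring
}

# Constructed sample mirroring the settings shown above (cert path is a placeholder).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
auth = "plain[passwd=/etc/ocserv/passwd]"
server-cert = /nonexistent/fullchain.pem
#route = 10.0.0.0/8
dns = 8.8.8.8
EOF
echo "auth=$(auth_methods "$SAMPLE") tunnel=$(tunnel_mode "$SAMPLE") cert=$(cert_status "$SAMPLE" 14)"
```

Against the real /etc/ocserv/ocserv.conf, call the functions as root, since /etc/letsencrypt/live is normally readable only by root.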
Setup Client Certificates
https://www.linuxbabe.com/ubuntu/certificate-authentication-openconnect-vpn-server-ocserv
... some information (perhaps similar) is available in the "default documentation" as well :-)
https://ocserv.openconnect-vpn.net/ocserv.8.html