\u5b89\u88c5\u7f16\u8bd1\u73af\u5883\u53ca\u4f9d\u8d56\uff0c\u5982\u90e8\u5206\u8f6f\u4ef6\u4e0d\u80fd\u5b89\u88c5\u8bf7\u5148\u5b89\u88c5epel\u6e90\u3002<\/p>\n
yum install pam-devel readline-devel http-parser-devel unbound gmp-devel
\nyum install tar gzip xz wget gcc make autoconf
\nocserv\u7f16\u8bd1\u5b89\u88c5\u4f9d\u8d56\uff0cocserv\u9700\u8981gnutls3\u7248\u672c\u4ee5\u4e0a\uff0cgnutls\u4f9d\u8d56nettle2.7.1\uff1a<\/p>\n
wget ftp:\/\/ftp.gnu.org\/gnu\/nettle\/nettle-2.7.1.tar.gz
\ntar zxvf nettle-2.7.1.tar.gz
\ncd nettle-2.7.1\/
\n.\/configure –prefix=\/usr\/local\/nettle
\nmake && make install
\necho ‘\/usr\/local\/nettle\/lib64\/’ > \/etc\/ld.so.conf.d\/nettle.conf
\nldconfig
\n\u5b89\u88c5gnutls3.3.9\uff1a<\/p>\n
export NETTLE_CFLAGS=”-I\/usr\/local\/nettle\/include\/”
\nexport NETTLE_LIBS=”-L\/usr\/local\/nettle\/lib64\/ -lnettle”
\nexport HOGWEED_LIBS=”-L\/usr\/local\/nettle\/lib64\/ -lhogweed”
\nexport HOGWEED_CFLAGS=”-I\/usr\/local\/nettle\/include”
\nwget ftp:\/\/ftp.gnutls.org\/gcrypt\/gnutls\/v3.3\/gnutls-3.3.9.tar.xz
\ntar xvf gnutls-3.3.9.tar.xz
\ncd gnutls-3.3.9\/
\n.\/configure –prefix=\/usr\/local\/gnutls
\nmake && make install
\nln -s \/usr\/local\/gnutls\/bin\/certtool \/usr\/bin\/certtool
\necho ‘\/usr\/local\/gnutls\/lib\/’ > \/etc\/ld.so.conf.d\/gnutls.conf
\nldconfig
\n\u5b89\u88c5libnl\uff1a<\/p>\n
yum install bison flex
\nwget http:\/\/www.carisma.slowglass.com\/~tgr\/libnl\/files\/libnl-3.2.24.tar.gz
\ntar xvf libnl-3.2.24.tar.gz
\ncd libnl-3.2.24
\n.\/configure –prefix=\/usr\/local\/libnl
\nmake && make install
\necho ‘\/usr\/local\/libnl\/lib\/’ > \/etc\/ld.so.conf.d\/libnl.conf
\nldconfig
\n\u5b89\u88c5ocserv\uff1a<\/p>\n
export LIBNL3_CFLAGS=”-I\/usr\/local\/libnl\/include\/libnl3″
\nexport LIBNL3_LIBS=”-L\/\/usr\/local\/libnl\/lib\/ -lnl-3 -lnl-route-3″
\nexport LIBGNUTLS_LIBS=”-L\/usr\/local\/gnutls\/lib\/ -lgnutls”
\nexport LIBGNUTLS_CFLAGS=”-I\/usr\/local\/gnutls\/include\/”
\nwget ftp:\/\/ftp.infradead.org\/pub\/ocserv\/ocserv-0.9.0.1.tar.xz
\ntar xvf ocserv-0.9.0.1.tar.xz
\ncd ocserv-0.9.0
\n.\/configure –prefix=\/usr\/local\/ocserv
\nmake && make install
\necho ‘export PATH=$PATH:\/\/usr\/local\/ocserv\/sbin\/:\/usr\/local\/ocserv\/bin\/’ >> $HOME\/.bashrc
\nsource $HOME\/.bashrc
\n\u751f\u6210SSL\u8bc1\u4e66\uff1a<\/p>\n
mkdir \/etc\/ocserv\/
\ncd \/etc\/ocserv
\n#CA\u79c1\u94a5\uff1a
\ncerttool –generate-privkey –outfile ca-key.pem
\n#CA\u6a21\u677f\uff1a
\ncat << EOF > ca.tmpl
\ncn = “thinkingandcreating.com”
\norganization = “thinkingandcreating.com”
\nserial = 1
\nexpiration_days = 3650
\nca
\nsigning_key
\ncert_signing_key
\ncrl_signing_key
\nEOF
\n#CA\u8bc1\u4e66\uff1a
\ncerttool –generate-self-signed –load-privkey ca-key.pem –template ca.tmpl –outfile ca-cert.pem
\n#Server\u79c1\u94a5\uff1a
\ncerttool –generate-privkey –outfile server-key.pem
\n#Server\u8bc1\u4e66\u6a21\u677f\uff1a
\ncat << EOF > server.tmpl
\ncn = “thinkingandcreating.com”
\no = “thinkingandcreating.com”
\nexpiration_days = 3650
\nsigning_key
\nencryption_key
\ntls_www_server
\nEOF
\n#Server\u8bc1\u4e66\uff1a
\ncerttool –generate-certificate –load-privkey server-key.pem –load-ca-certificate ca-cert.pem –load-ca-privkey ca-key.pem –template server.tmpl –outfile server-cert.pem
\n\u5bc6\u7801\u767b\u5f55\uff0c\u751f\u6210\u5bc6\u7801\u6587\u4ef6\uff1a<\/p>\n
ocpasswd -c \/etc\/ocserv\/passwd username
\n\u8bc1\u4e66\u767b\u5f55\uff1a<\/p>\n
#user\u79c1\u94a5
\ncerttool –generate-privkey –outfile user-key.pem
\n#user\u6a21\u677f
\ncat << EOF > user.tmpl
\ncn = “some random name”
\nunit = “some random unit”
\nexpiration_days = 365
\nsigning_key
\ntls_www_client
\nEOF
\n#user\u8bc1\u4e66
\ncerttool –generate-certificate –load-privkey user-key.pem –load-ca-certificate ca-cert.pem –load-ca-privkey ca-key.pem –template user.tmpl –outfile user-cert.pem
\n\u914d\u7f6e\u6587\u4ef6\uff1a<\/p>\n
auth = “plain[\/etc\/ocserv\/passwd]”
\n#\u8bc1\u4e66\u8ba4\u8bc1
\n#auth = “certificate”
\nca-cert \/etc\/ocserv\/ca-cert.pem
\nmax-clients = 16
\nmax-same-clients = 2
\ntcp-port = 5551
\nudp-port = 5551
\nkeepalive = 32400
\ntry-mtu-discovery = true
\ncisco-client-compat = true
\nserver-cert = \/etc\/ocserv\/server-cert.pem
\nserver-key = \/etc\/ocserv\/server-key.pem
\nauth-timeout = 40
\npid-file = \/var\/run\/ocserv.pid
\nsocket-file = \/var\/run\/ocserv-socket
\nrun-as-user = nobody
\nrun-as-group = daemon
\ndevice = vpns
\nipv4-network = 172.16.37.0
\nipv4-netmask = 255.255.255.0
\nroute = 172.16.37.0\/255.255.255.0
\n\u542f\u52a8opserv\uff1a<\/p>\n
ocserv -f -c \/etc\/ocserv\/ocserv.conf
\nIP\u8f6c\u53d1\u53caSNAT\uff1a<\/p>\n
iptables -t nat -A POSTROUTING -j SNAT \u2013to-source <\u670d\u52a1\u5668\u516c\u7f51 IP > -o <\u5bf9\u5e94\u7f51\u5361\u7684\u540d\u79f0>
\niptables -t nat -A POSTROUTING -s 172.16.37.0\/24 -o venet0 -j MASQUERADE
\niptables -A FORWARD -s 172.16.37.0\/24 -j ACCEPT
\nservice iptables save
\n\u8bb0\u5f97\u5f00\u59cbiptables
\n\u4f7f\u7528\u7528\u6237\u5bc6\u7801\u8fde\u63a5\uff1a<\/p>\n
echo passwd|openconnect -u username thinkingandcreating.com:5551 –no-cert-check
\n\u4f7f\u7528\u8bc1\u4e66\u8fde\u63a5\uff1a<\/p>\n
openconnect -k user-key.pem -c user-cert.pem thinkingandcreating.com:5551 –no-cert-check<\/p>\n","protected":false},"excerpt":{"rendered":"
\u5b89\u88c5\u7f16\u8bd1\u73af\u5883\u53ca\u4f9d\u8d56\uff0c\u5982\u90e8\u5206\u8f6f\u4ef6\u4e0d\u80fd\u5b89\u88c5\u8bf7\u5148\u5b89\u88c5epel\u6e90\u3002 yum install pam-devel readline-devel http-parser-devel unbound gmp-devel yum install tar gzip xz wget gcc make autoconf ocserv\u7f16\u8bd1\u5b89\u88c5\u4f9d\u8d56\uff0cocserv\u9700\u8981gnutls3\u7248\u672c\u4ee5\u4e0a\uff0cgnutls\u4f9d\u8d56nettle2.7.1\uff1a wget ftp:\/\/ftp.gnu.org\/gnu\/nettle\/nettle-2.7.1.tar.gz tar zxvf nettle-2.7.1.tar.gz cd nettle-2.7.1\/ .\/configure –prefix=\/usr\/local\/nettle make && make install echo ‘\/usr\/local\/nettle\/lib64\/’ > \/etc\/ld.so.conf.d\/nettle.conf ldconfig \u5b89\u88c5gnutls3.3.9\uff1a export NETTLE_CFLAGS=”-I\/usr\/local\/nettle\/include\/” export NETTLE_LIBS=”-L\/usr\/local\/nettle\/lib64\/ -lnettle” export HOGWEED_LIBS=”-L\/usr\/local\/nettle\/lib64\/ -lhogweed” export HOGWEED_CFLAGS=”-I\/usr\/local\/nettle\/include” wget ftp:\/\/ftp.gnutls.org\/gcrypt\/gnutls\/v3.3\/gnutls-3.3.9.tar.xz tar xvf gnutls-3.3.9.tar.xz cd gnutls-3.3.9\/ .\/configure … Continue reading Centos6\u5b89\u88c5ocserv\/openconnect\/cisco AnyConnect vpn<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[174],"class_list":["post-1370","post","type-post","status-publish","format-standard","hentry","category-linux","tag-vpn"],"_links":{"self":[{"href":"https:\/\/www.strongd.net\/index.php?rest_route=\/wp\/v2\/posts\/1370","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.strongd.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.strongd.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.strongd.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.strongd.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1370"}],"version-history":[{"count":4,"href":"https:\/\/www.strongd.net\/index.php?rest_route=\/wp\/v2\/posts\/1370\/revisions"}],"predecessor-version":[{"id":1493,"href":"https:\/\/www.strongd.net\/index.php?rest_route=\/wp\/v2\/posts\/1370\/revisions\/1493"}],"wp:attachment":[{"href":"https:\/\/www.strongd.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1370"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.strongd.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1370"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.strongd.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1370"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}