You are tired from openvpn performance issues. You want to use more opensource software? You wan to replace your Cisco ASA but don’t want to give up annyconnect VPN client software?
You want a reliable VPN server for your business? I found a solution for your requirements.
OpenConnect VPN Server called OCSERV
You can use the AnnyConnect client to dial in to OCSERV VPN server or openconnect VPN client.
apt install ocserv
You have installed the VPN Server but in Enterprise enviroments that is not enough for security. You want to use this for hundred or thousand of employees.
I want to show you my configuration of OCSERV and RADIUS integration with Privacyidea a two factor opensource solution.
If you want to use OCSERV with RADIUS please read this first
You have to compile radcli from source first without this you have no RADIUS functionality.
Look at https://github.com/radcli/radcli/releases for the latest version
Fill the information for your radius server under
nas-identifier fw01 authserver 10.10.10.50 acctserver 10.10.10.50 servers /etc/radcli/servers dictionary /etc/radcli/dictionary default_realm radius_timeout 10 radius_retries 3 bindaddr *
# Server Name or Client/Server pair Key ## ---------------- --------------- # #portmaster.elemental.net hardlyasecret #portmaster2.elemental.net donttellanyone # ## uncomment the following line for simple testing of radlogin ## with freeradius-server # #localhost/localhost testing123 # 10.10.110.60 yourradiussecrectkey
After you have compile radcli on the system you can choose to install ocserv from the distribution repository or to compile it from source. I have use the repository from the distribution.
add following to the
auth = “radius[config=/etc/radcli/radiusclient.conf,groupconfig=true]”
Fixing some errors…
custom-header = “X-CSTP-Client-Bypass-Protocol: true”
Add your own certificate for your domain
ipv4-network = 10.10.100.128
ipv4-netmask = 255.255.255.128
Add route to network that you want to reach form the vpn server