<h1>Setup OpenConnect VPN Server for Cisco AnyConnect on Ubuntu 14.04 x64</h1>
<p>Published 2019-12-27. Source: https://support.aklwebhost.com/knowledgebase/setup-openconnect-vpn-server-for-cisco-anyconnect-on-ubuntu-14-04-x64/</p>

<p>OpenConnect server, also known as ocserv, is a VPN server that communicates over SSL. By design, its goal is to become a secure, lightweight, and fast VPN server. OpenConnect server uses the OpenConnect SSL VPN protocol. At the time of writing, it also has experimental compatibility with clients that use the AnyConnect SSL VPN protocol.</p>

<p>This article will show you how to install and set up ocserv on Ubuntu 14.04 x64.</p>

<h3>Installing ocserv</h3>

<p>Since Ubuntu 14.04 does not ship with ocserv, we will have to download the source code and compile it. The latest stable version of ocserv is 0.9.2.</p>

<p>Download ocserv from the official site.</p>

<pre><code>wget ftp://ftp.infradead.org/pub/ocserv/ocserv-0.9.2.tar.xz
tar -xf ocserv-0.9.2.tar.xz
cd ocserv-0.9.2
</code></pre>

<p>Next, install the compile dependencies.</p>

<pre><code>apt-get install build-essential pkg-config libgnutls28-dev libwrap0-dev libpam0g-dev libseccomp-dev libreadline-dev libnl-route-3-dev
</code></pre>

<p>Compile and install ocserv.</p>

<pre><code>./configure
make
make install
</code></pre>

<h3>Configuring ocserv</h3>

<p>A sample config file is placed under the directory <code>ocserv-0.9.2/doc</code>. We will use this file as a template. First, we have to make our own CA cert and server cert.</p>

<pre><code>cd ~
apt-get install gnutls-bin
mkdir certificates
cd certificates
</code></pre>

<p>We create a CA template file (<code>ca.tmpl</code>) with content similar to the following. You can set your own “cn” and “organization”.</p>

<pre><code>cn = "VPN CA"
organization = "Big Corp"
serial = 1
expiration_days = 3650
ca
signing_key
cert_signing_key
crl_signing_key
</code></pre>

<p>Then, generate a CA key and CA cert.</p>

<pre><code>certtool --generate-privkey --outfile ca-key.pem
certtool --generate-self-signed --load-privkey ca-key.pem --template ca.tmpl --outfile ca-cert.pem
</code></pre>

<p>Next, create a local server certificate template file (<code>server.tmpl</code>) with the content below. Pay attention to the “cn” field: it must match the DNS name or IP address of your server.</p>

<pre><code>cn = "your domain name or ip"
organization = "MyCompany"
expiration_days = 3650
signing_key
encryption_key
tls_www_server
</code></pre>

<p>Then, generate the server key and certificate.</p>

<pre><code>certtool --generate-privkey --outfile server-key.pem
certtool --generate-certificate --load-privkey server-key.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem --template server.tmpl --outfile server-cert.pem
</code></pre>

<p>Copy the key, certificate, and config file to the ocserv config directory.</p>

<pre><code>mkdir /etc/ocserv
cp server-cert.pem server-key.pem /etc/ocserv
cd ~/ocserv-0.9.2/doc
cp sample.config /etc/ocserv/config
cd /etc/ocserv
</code></pre>

<p>Edit the config file under <code>/etc/ocserv</code>. Uncomment or modify the fields described below.</p>

<pre><code>auth = "plain[/etc/ocserv/ocpasswd]"

try-mtu-discovery = true

server-cert = /etc/ocserv/server-cert.pem
server-key = /etc/ocserv/server-key.pem

dns = 8.8.8.8

# comment out all route fields
#route = 10.10.10.0/255.255.255.0
#route = 192.168.0.0/255.255.0.0
#route = fef4:db8:1000:1001::/64
#no-route = 192.168.5.0/255.255.255.0

cisco-client-compat = true
</code></pre>

<p>Generate a user that will be used to login to ocserv.</p>

<pre><code>ocpasswd -c /etc/ocserv/ocpasswd username
</code></pre>

<p>Enable NAT.</p>

<pre><code>iptables -t nat -A POSTROUTING -j MASQUERADE
</code></pre>

<p>Enable IPv4 forwarding. Edit the file <code>/etc/sysctl.conf</code>.</p>

<pre><code>net.ipv4.ip_forward=1
</code></pre>

<p>Apply this modification.</p>

<pre><code>sysctl -p /etc/sysctl.conf
</code></pre>
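<p>One way to check the result of the configuration steps above before starting the server, as an added example that is not part of the original article or of the ocserv project: the script audits the config file for the fields this article sets and confirms that the server private key is not accessible to group or other users. The helper names <code>get_opt</code> and <code>audit_ocserv_config</code> are hypothetical.</p>

```shell
#!/bin/sh
# Added example: audit an ocserv config against the settings this article sets.
# get_opt and audit_ocserv_config are hypothetical helper names.

# Print the value of the first active (uncommented) "key = value" line.
get_opt() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Print one line per finding; succeed only if there are none.
audit_ocserv_config() {
    cfg=$1
    findings=0
    note() { echo "FINDING: $1"; findings=$((findings + 1)); }

    case $(get_opt "$cfg" auth) in
        '"plain['*']"') ;;
        *) note "auth is not a plain[...] password file" ;;
    esac
    [ "$(get_opt "$cfg" cisco-client-compat)" = "true" ] ||
        note "cisco-client-compat is not true"
    [ -n "$(get_opt "$cfg" dns)" ] || note "no dns server is pushed to clients"
    # With every route line commented out, the VPN becomes the client's default route.
    if grep -Eq '^[[:space:]]*(no-)?route[[:space:]]*=' "$cfg"; then
        note "active route/no-route line found"
    fi

    cert=$(get_opt "$cfg" server-cert)
    key=$(get_opt "$cfg" server-key)
    [ -n "$cert" ] && [ -r "$cert" ] || note "server-cert missing or unreadable"
    if [ -z "$key" ] || [ ! -f "$key" ]; then
        note "server-key missing"
    else
        # Characters 5-10 of the ls mode string are the group and other bits.
        mode=$(ls -ld "$key" | cut -c5-10)
        [ "$mode" = "------" ] ||
            note "server-key is accessible to group/other ($mode)"
    fi
    [ "$findings" -eq 0 ]
}
```

<p>Run it as <code>audit_ocserv_config /etc/ocserv/config</code>; no output and exit status 0 mean every check passed.</p>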

<h3>Start ocserv and connect using Cisco AnyConnect</h3>

<p>First, start ocserv.</p>

<pre><code>ocserv -c /etc/ocserv/config
</code></pre>

<p>Then, install Cisco AnyConnect on any of your devices, such as iPhone, iPad, or an Android device. Since we used a self-signed server key and certificate, we have to uncheck the option which prevents insecure servers. This option is located in the settings of AnyConnect. At this point, we can set up a new connection with the domain name or IP address of our ocserv and the username/password that we created.</p>

<p>Connect and enjoy!</p>