ocserv: more explicit documentation

author Nikos Mavrogiannopoulos <nmav@gnutls.org>

Wed, 8 Jul 2015 06:16:30 +0000 (08:16 +0200)

committer Nikos Mavrogiannopoulos <nmav@gnutls.org>

Wed, 8 Jul 2015 06:16:55 +0000 (08:16 +0200)
author Nikos Mavrogiannopoulos <nmav@gnutls.org>
Wed, 8 Jul 2015 06:16:30 +0000 (08:16 +0200)
committer Nikos Mavrogiannopoulos <nmav@gnutls.org>
Wed, 8 Jul 2015 06:16:55 +0000 (08:16 +0200)
diff --git a/net/ocserv/README b/net/ocserv/README

index 961f33e4efb272698d4079bb95e91ecd51884ba0..b021d600f469afdf74b5fbcb263270468ab783d8 100644 (file)
--- a/net/ocserv/README
+++ b/net/ocserv/README
@@ -1,5 +1,10 @@
  The openconnect server expects to be configured using the uci interface.
  
+It is recommended to setup a dynamic DNS address with openwrt prior
+to starting the server. That is because during the first startup
+a certificate file which contain the setup dynamic DNS name will be
+created.
+
  To setup a server the provides access to LAN with network address
  10.100.2.0/255.255.255.0 using the VPN address range
  10.100.3.0/255.255.255.0 add the following to /etc/config/ocserv:
@@ -65,6 +70,20 @@ config forwarding
  config forwarding
          option dest 'vpn'
          option src 'lan'
+
+config rule
+        option target 'ACCEPT'
+        option src 'wan'
+        option proto 'tcp'
+        option dest_port '443'
+        option name 'vpn'
+
+config rule
+        option target 'ACCEPT'
+        option src 'wan'
+        option proto 'udp'
+        option dest_port '443'
+        option name 'vpn'
  -----------------------------------------------------------------
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>
	Wed, 8 Jul 2015 06:16:30 +0000 (08:16 +0200)
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>
	Wed, 8 Jul 2015 06:16:55 +0000 (08:16 +0200)