10.100.2.0/255.255.255.0 using the VPN address range
10.100.3.0/255.255.255.0 add the following to /etc/config/ocserv:
------------------------------------------------------------------
+----/etc/config/ocserv-------------------------------------------
config ocserv 'config'
option port '4443'
option dpd '120'
option netmask '255.255.255.0'
option ipaddr '10.100.3.0'
option auth 'plain'
- option zone 'lan'
+ option zone 'vpn'
option default_domain 'lan'
option enable '1'
# /etc/init.d/ocserv start
+To simplify firewall configuration, you should setup an unmanaged interface
+(e.g., called vpn), and will have assigned the 'vpns+' interfaces. Then a zone
+called vpn should be setup to handle interactions with lan. An example
+follows:
+----/etc/config/network------------------------------------------
+config interface 'vpn'
+ option proto 'none'
+ option ifname 'vpns+'
+-----------------------------------------------------------------
+
+----/etc/config/firewall-----------------------------------------
+config zone
+ option input 'ACCEPT'
+ option forward 'REJECT'
+ option output 'ACCEPT'
+ option name 'vpn'
+ option device 'vpns+'
+ option network 'vpn'
+
+config forwarding
+ option dest 'lan'
+ option src 'vpn'
+
+config forwarding
+ option dest 'vpn'
+ option src 'lan'
+-----------------------------------------------------------------
+
There is a luci plugin to allow configuring the server from
the web environment; see the package luci-app-ocserv.
# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
# in the P-t-P connection), IP_REMOTE (the VPN IP of the client),
# ID (a unique numeric ID); REASON may be "connect" or "disconnect".
-connect-script = /usr/bin/ocserv-script
-disconnect-script = /usr/bin/ocserv-script
+
+# These scripts are not needed if you have setup an interface for all vpns+
+# devices.
+#connect-script = /usr/bin/ocserv-script
+#disconnect-script = /usr/bin/ocserv-script
# UTMP
use-utmp = false
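Review bot: With `connect-script` and `disconnect-script` commented out in the shipped template, what VPN clients may reach is decided entirely by the firewall zone covering `vpns+`, yet the new comment words that zone as optional ("not needed if ..."). The script itself is not visible here; if it installed per-client rules, a system that picks up this template without the `vpn` interface and zone leaves client traffic to the firewall defaults. The README example also sets `option input 'ACCEPT'` on that zone, so every connected client reaches the router's own services; that is worth stating, or narrowing, where the zone is documented. I would make the dependency explicit in the template, e.g. `# Enable these only when no interface and firewall zone cover the vpns+ devices (see README).` The configuration file continues outside the hunk.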