From 3c3cc25dc4d29a03bae3351d319f5fca65e43d3f Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Wed, 8 Jul 2015 08:16:30 +0200
Subject: [PATCH] ocserv: more explicit documentation
Signed-off-by: Nikos Mavrogiannopoulos
---
 net/ocserv/README | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/net/ocserv/README b/net/ocserv/README
index 961f33e4ef..b021d600f4 100644
--- a/net/ocserv/README
+++ b/net/ocserv/README
@@ -1,5 +1,10 @@
 The openconnect server expects to be configured using the uci interface.
+It is recommended to setup a dynamic DNS address with openwrt prior
+to starting the server. That is because during the first startup
+a certificate file which contain the setup dynamic DNS name will be
+created.
+
 To setup a server the provides access to LAN with network address 10.100.2.0/255.255.255.0 using the VPN address range 10.100.3.0/255.255.255.0 add the following to /etc/config/ocserv:
@@ -65,6 +70,20 @@ config forwarding
 config forwarding
 option dest 'vpn'
 option src 'lan'
+
+config rule
+ option target 'ACCEPT'
+ option src 'wan'
+ option proto 'tcp'
+ option dest_port '443'
+ option name 'vpn'
+
+config rule
+ option target 'ACCEPT'
+ option src 'wan'
+ option proto 'udp'
+ option dest_port '443'
+ option name 'vpn'
 -----------------------------------------------------------------
-- 
2.30.2