Please look at these links:
openconnect / ocserv
openconnect / ocserv installation - CentOS, RHEL, Fedora
I have CentOS 7.6 as the server, with a public IP.
Also, on the client machine I have installed Windows 7 with wireless internet.
I installed openconnect on the server machine with the following commands:
sudo yum -y install gnutls-devel libev-devel tcp_wrappers-devel pam-devel lz4-devel libseccomp-devel readline-devel libnl3-devel krb5-devel radcli-devel
sudo yum -y install epel-release
sudo yum repolist enabled
sudo yum info ocserv
sudo yum -y install ocserv
sudo ocpasswd -c /etc/ocserv/ocpasswd test
123
nano -K /etc/ocserv/ocserv.conf
This is the ocserv.conf file:
auth = "plain[passwd=/etc/ocserv/ocpasswd]"
tcp-port = 8090
udp-port = 8090
run-as-user = ocserv
run-as-group = ocserv
socket-file = ocserv.sock
chroot-dir = /var/lib/ocserv
isolate-workers = true
max-clients = 5
max-same-clients = 1
keepalive = 32400
dpd = 90
mobile-dpd = 1800
switch-to-tcp-timeout = 25
try-mtu-discovery = true
server-cert = /etc/pki/ocserv/public/server.crt
server-key = /etc/pki/ocserv/private/server.key
ca-cert = /etc/pki/ocserv/cacerts/ca.crt
cert-user-oid = 0.9.2342.19200300.100.1.1
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"
auth-timeout = 240
min-reauth-time = 300
max-ban-score = 50
ban-reset-time = 300
cookie-timeout = 300
deny-roaming = false
rekey-time = 172800
rekey-method = ssl
use-occtl = true
pid-file = /var/run/ocserv.pid
device = vpns
predictable-ips = true
default-domain = example.com
ipv4-network = 192.168.102.0
ipv4-netmask = 255.255.255.0
dns = 8.8.8.8
dns = 8.8.4.4
ping-leases = false
cisco-client-compat = true
dtls-legacy = true
user-profile = profile.xml
# Routes to be forwarded to the client. If you need the
# client to forward routes to the server, you may use the
# config-per-user/group or even connect and disconnect scripts.
#
# To set the server as the default gateway for the client just
# comment out all routes from the server, or use the special keyword
# 'default'.
#route = 10.10.10.0/255.255.255.0
#route = 192.168.0.0/255.255.0.0
#route = fef4:db8:1000:1001::/64
After editing ocserv.conf, I ran the following commands:
sudo systemctl start ocserv
sudo systemctl enable ocserv
sudo systemctl status ocserv
Now I am on the client machine. The client machine can successfully connect to openconnect using the username test. But the problem is that I cannot open any web page on the client machine, and it seems there is NO INTERNET. What should I do on the server machine to solve this?
Both the server's and the client's firewalls are turned off.
I have not done anything about routing or forwarding.
I am not familiar with them.
If it is necessary, please tell me what I should do.
I also found this link about my situation, but it was not satisfying...
Answer 1
You have to add an iptables/firewall rule for MASQUERADE; this firewall rule will make your server a NAT translator.
# -o (output interface) is not valid in INPUT; forwarding VPN traffic out of eth0 is a FORWARD rule
iptables -A FORWARD -s 192.168.102.0/24 -o eth0 -j ACCEPT
iptables -A INPUT -p udp -m udp -i eth0 --dport 8090 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -i eth0 --dport 8090 -j ACCEPT
# POSTROUTING lives in the nat table, so -t nat is required
iptables -t nat -A POSTROUTING -s 192.168.102.0/24 -o eth0 -j MASQUERADE
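The complete server-side setup this answer describes (IP forwarding plus the INPUT, FORWARD and MASQUERADE rules), as an added example that is not from the original answer. The subnet 192.168.102.0/24 and port 8090 come from the question; the interface name eth0, the sysctl file name and the DRY_RUN switch are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. Makes the ocserv host forward and
# NAT traffic for VPN clients. Subnet 192.168.102.0/24 and port 8090 come from the
# question; WAN_IF=eth0, the sysctl file name and DRY_RUN are assumptions.
VPN_NET="${VPN_NET:-192.168.102.0/24}"
WAN_IF="${WAN_IF:-eth0}"
VPN_PORT="${VPN_PORT:-8090}"
SYSCTL_FILE="${SYSCTL_FILE:-/etc/sysctl.d/99-ocserv-forward.conf}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands instead of running them (running needs root)

run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Without ip_forward the kernel silently drops packets arriving on vpns+ for eth0.
enable_forwarding() {
  run sysctl -w net.ipv4.ip_forward=1
  if [ "$DRY_RUN" = 1 ]; then
    printf 'write "net.ipv4.ip_forward = 1" to %s\n' "$SYSCTL_FILE"
  else
    printf 'net.ipv4.ip_forward = 1\n' > "$SYSCTL_FILE"   # so it survives a reboot
  fi
}

# Append a rule only if it is not already present (iptables -C), so re-runs are idempotent.
# Usage: add_rule <table> <chain> <match and target...>
add_rule() {
  table=$1; chain=$2; shift 2
  if [ "$DRY_RUN" = 1 ] || ! iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
    run iptables -t "$table" -A "$chain" "$@"
  fi
}

configure_vpn_nat() {
  enable_forwarding
  # Let clients reach the ocserv port on the public interface (TCP, and UDP for DTLS).
  add_rule filter INPUT -i "$WAN_IF" -p tcp --dport "$VPN_PORT" -j ACCEPT
  add_rule filter INPUT -i "$WAN_IF" -p udp --dport "$VPN_PORT" -j ACCEPT
  # Forward client traffic out, and only replies to it back in; nothing else is forwarded.
  add_rule filter FORWARD -s "$VPN_NET" -o "$WAN_IF" -j ACCEPT
  add_rule filter FORWARD -d "$VPN_NET" -i "$WAN_IF" \
    -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  # Rewrite the 192.168.102.x source to the server's public address: the NAT translator.
  add_rule nat POSTROUTING -s "$VPN_NET" -o "$WAN_IF" -j MASQUERADE
}

configure_vpn_nat
```

Run it once with the default DRY_RUN=1 to review the plan, then with DRY_RUN=0 as root to apply it; rules added this way are not persistent across reboots unless saved with the distribution's iptables-services tooling.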
Answer 2
Turn on the firewall and allow port 8090 over udp/tcp.