{"id":13626247,"url":"https://github.com/xhdix/openconnect-installer","last_synced_at":"2025-04-13T02:34:35.594Z","repository":{"id":38304149,"uuid":"140957192","full_name":"xhdix/openconnect-installer","owner":"xhdix","description":"Automatically set up an Openconnect/Anyconnect VPN server(ocserv) with Let's Encrypt with just one command in CentOS 8.","archived":false,"fork":false,"pushed_at":"2022-10-01T12:11:58.000Z","size":124,"stargazers_count":128,"open_issues_count":6,"forks_count":34,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-26T20:04:57.621Z","etag":null,"topics":["anyconnect","anyconnect-vpn-server","centos","centos8","dns-leak-prevention","ip-leak-prevention","lets-encrypt","letsencrypt","letsencrypt-certificates","linux","linux-vpn-server","ocserv","ocserv-installer","ocserv-script","openconnect","openconnect-vpn-server","openconnectserver","secure-vpn","vpn","vpn-server"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xhdix.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-07-14T15:32:59.000Z","updated_at":"2024-12-23T16:19:52.000Z","dependencies_parsed_at":"2022-09-05T07:51:50.422Z","dependency_job_id":null,"html_url":"https://github.com/xhdix/openconnect-installer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xhdix%2Fopenconnect-installer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xhdix%2Fopenconnect-installer/tags","releases_url":"https://repos.ecosyste.
ms/api/v1/hosts/GitHub/repositories/xhdix%2Fopenconnect-installer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xhdix%2Fopenconnect-installer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xhdix","download_url":"https://codeload.github.com/xhdix/openconnect-installer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248657842,"owners_count":21140843,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anyconnect","anyconnect-vpn-server","centos","centos8","dns-leak-prevention","ip-leak-prevention","lets-encrypt","letsencrypt","letsencrypt-certificates","linux","linux-vpn-server","ocserv","ocserv-installer","ocserv-script","openconnect","openconnect-vpn-server","openconnectserver","secure-vpn","vpn","vpn-server"],"created_at":"2024-08-01T21:02:13.910Z","updated_at":"2025-04-13T02:34:35.573Z","avatar_url":"https://github.com/xhdix.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"# Automatically set up an Openconnect VPN server(ocserv) with Let's Encrypt with just one command.\n\n* Secured with a valid certificate from Let's encrypt\n* No IP Leak\n* No DNS Leak\n* No request/send from/to external/third party sources\n\nAll you need: A CentOS 8 server with a domain.\n\nNote 05/09/2021: If you had any problem, disable UDP and do not use the Anyconnect client app for a while!\n\nNote 23/09/2021: Change the server or server IP every 3 months to prevent Google from tracking and [flagging your server's 
IP](https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/22369).\n\n## Install, configure, run with one command:\n\nChange the username-password list `pass.txt` (or create a new one) and then just run the command like this:\n\n```bash\nbash install.sh -f username-list-file -n host-name -e email-address\n```\n\nFor example:\n```bash\nbash install.sh -f pass.txt -n my.example.com -e mayemail@gmail.com\n```\n\nNote: By changing the script, you can get a certificate without an email address. But it is better not to.\n(Change `--email $EMAIL_ADDR` to `--register-unsafely-without-email`.)\n\n-------------------\n#### If you want to add a list of users again after installation:\n```bash\nbash adduser.sh username-list-file\n\n# e.g.:\nbash adduser.sh pass2.text\n```\n#### Renew the certificate before/after 3 months:\n\n```bash\ncertbot renew --quiet \u0026\u0026 systemctl restart ocserv # \u0026\u0026 systemctl restart ocserv2\n```\n### Run two copies of `ocserv` on the same server\nDo you want to run `ocserv` on a new port with a different configuration? Take a look at `copyoc.sh`.\n\n#### New `ocserv` copy\n```bash\nbash ./copyoc.sh -p \u003cport\u003e\n\n# e.g.:\nbash ./copyoc.sh -p 8443\n```\n\n#### New `ocserv` copy for families (Cloudflare DNS for families)\nThis blocks malware and adult content in the new VPN service.\n```bash\nbash ./copyoc.sh -p \u003cport\u003e -f\n\n# e.g.:\nbash ./copyoc.sh -p 2222 -f\n```\n\n
## Bypass the Internet blackout\n\n![Bypass the Internet blackout](https://user-images.githubusercontent.com/12384263/140075673-aa31959b-0979-4abc-9fea-dd89a73009d7.png)\n\n(reference: https://ooni.org/post/2019-iran-internet-blackout/#connecting-to-the-internet-from-iran)\n\nAfter installing Openconnect on a foreign VPS, just enter these commands on the domestic VPS:\n```bash\necho 1 \u003e /proc/sys/net/ipv4/ip_forward\niptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination [foreignVPSip]:443\niptables -t nat -A PREROUTING -i eth0 -p udp -m udp --dport 443 -j DNAT --to-destination [foreignVPSip]:443\niptables -t nat -A PREROUTING -i eth0 -p udp -m udp --dport 53 -j DNAT --to-destination [foreignVPSip]:53\niptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source [domesticVPSip]\n```\n_(Note: Make sure you use the correct network interface name, e.g. eth0 or enp0s3.)_\n\nThen save the iptables rules:\n```bash\nyum install iptables-services -y\n\nsystemctl enable iptables\n\nservice iptables save\n\nsystemctl start iptables\n```\n\nAnd then use Openconnect like this:\n```bash\necho password | openconnect --resolve=domain.com:[domesticVPSip] -vu username --passwd-on-stdin https://domain.com\n```\nOr temporarily change the `A` record to the domestic VPS IP.\n\n**Note: The amount of incoming and outgoing traffic on your domestic VPS should not be equal.**\n\n**Please let me know if there is any problem.**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxhdix%2Fopenconnect-installer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxhdix%2Fopenconnect-installer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxhdix%2Fopenconnect-installer/lists"}