Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/beigi-reza/docker-compose-ocserv

OpenConnect VPN server (ocserv) run as docker with docker-compose
https://github.com/beigi-reza/docker-compose-ocserv

docker docker-compose ocserv-docker openconnect openconnectserver ssl vpn

Last synced: 3 months ago
JSON representation

OpenConnect VPN server (ocserv) run as docker with docker-compose

Awesome Lists containing this project

README 

        
![Image Size](https://img.shields.io/docker/image-size/rezabeigi/ocserv)

![Downloads](https://img.shields.io/docker/pulls/rezabeigi/ocserv)

![Build](https://img.shields.io/docker/automated/rezabeigi/ocserv)



# OpenConnect VPN server (ocserv) on docker



OpenConnect VPN server (ocserv) is an Open Source SSL VPN server. for secure and scalable VPN infrastructure.



## Installtion



**It is launched with the following settings**



- 2 Device connections for each user (`max-same-clients=2`)

- Up to 32 clients (`max-clients=32`)

- `10.10.10.0/24` as the internal IP pool

- Listens on port `443`

- Tunnels DNS to the server



## Edit docker-compse.yml & Run

1- copy `docker-compose.yml` in your Server or clone project

2- Replace the `` variable in docker-compse.yml with appropriate value.



3- Uncommet & Edit `volume` related to certificate if use valid **SSL** 



```yml

    volumes:

      - /etc/letsencrypt/live//fullchain.pem:/etc/ocserv/server-cert.pem

      - /etc/letsencrypt/live//privkey.pem:/etc/ocserv/server-key.pem

```



3- Run `docker-compose up -d`.



# Usage



## User Managment

### Create User



```bash

docker exec -it ocserv ash -c "ocuser create "

```



### Delete a User



```bash

docker exec ocserv ash -c "ocuser delete "

```

### Lock a User



```bash

docker exec ocserv ash -c "ocuser lock "

```

### Unlock a User



```bash

docker exec ocserv ash -c "ocuser unlock "

```



### list of User 

view `ocpasswd` file



```

docker exec ocserv cat /etc/ocserv/data/ocpasswd

```



## Using Client



- [Android (Cisco AnyConnect)](https://play.google.com/store/apps/details?id=com.cisco.anyconnect.vpn.android.avf)

- [Android (OpenConnect)](https://play.google.com/store/apps/details?id=com.github.digitalsoftwaresolutions.openconnect)

- [iOS](https://apps.apple.com/us/app/cisco-anyconnect/id1135064690)

- [MacOS](https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/smb5642-install-cisco-anyconnect-secure-mobility-client-on-a-mac-com-rev1.html)

- [Windows](https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/smb5686-install-cisco-anyconnect-secure-mobility-client-on-a-windows.html)

- [Ubuntu](https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/Kmgmt-785-AnyConnect-Linux-Ubuntu.html)



## `To use or not to use` VALID SSL Certficate



you will need an SSL certificate, It's up to you how you would like to generate it or Use It



### Valid SSL



You need to have a domain pointing to your server IP address and ports 80 and 443 available to be listened to by the container for letsencrypt ACME challenge verification.



for mor info view this link ...



[Simplest HTTPS setup](https://leangaurav.medium.com/simplest-https-setup-nginx-reverse-proxy-letsencrypt-ssl-certificate-aws-cloud-docker-4b74569b3c61)



### Not Valid SSL



If you can't create one ( ports 80 and 443 are not available on your server, or you don't have a domain), a fallback script will generate a self-signed certificate for you inside the container. The only difference is a ***warning message about the certificate not being trusted*** when logging in.



# References



- [cisco-anyconnect-server-docker](https://github.com/soreana/cisco-anyconnect-server-docker)

- [TommyLau/docker-ocserv](https://github.com/TommyLau/docker-ocserv)