Installing ocserv on CentOS 7 with username/password authentication

Date: 2025-03-24 09:19:40

I previously used this Docker image: /wppurking/ocserv-docker

But it does not allow custom routes, so I am installing ocserv myself instead.

1. Install the EPEL yum repository, then install ocserv

yum install epel-release -y
yum install ocserv -y

2. Edit the configuration file

/etc/ocserv/

The contents are as follows:

# Use password authentication here
auth = "plain[passwd=/etc/ocserv/ocpasswd]"

# TCP and UDP port number
tcp-port = 443
udp-port = 443

run-as-user = ocserv
run-as-group = ocserv

socket-file = 
chroot-dir = /var/lib/ocserv
isolate-workers = true

max-clients = 1024
max-same-clients = 2
keepalive = 32400
dpd = 90
mobile-dpd = 1800
switch-to-tcp-timeout = 25
try-mtu-discovery = false

# Certificate paths (defaults)
server-cert = /etc/pki/ocserv/public/
server-key = /etc/pki/ocserv/private/

# CA certificate
ca-cert = /etc/pki/ocserv/cacerts/
cert-user-oid = 0.9.2342.19200300.100.1.1
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"


auth-timeout = 240
min-reauth-time = 300
max-ban-score = 50
ban-reset-time = 300
cookie-timeout = 300
deny-roaming = false
rekey-time = 172800
rekey-method = ssl

use-occtl = true
pid-file = /var/run/
device = vpns
predictable-ips = true
default-domain = 
ping-leases = false

cisco-client-compat = true
dtls-legacy = true
user-profile = 

# DNS servers pushed to clients
dns = 10.24.11.254
dns = 219.148.204.66
dns = 219.149.6.99

# Client address pool and netmask
ipv4-network = 192.168.249.0/24

# Routes pushed to clients
route = 10.24.11.0/255.255.255.0
route = 10.24.0.0/255.255.0.0
route = 172.20.0.0/255.255.0.0
route = 10.244.0.0/255.255.0.0
route = 106.75.12.89/255.255.255.255
route = 106.75.117.178/255.255.255.255
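To sanity-check a configuration like the one above before starting the service, here is a small linter added to this post (not part of ocserv or the original article). It parses ocserv.conf-style `key = value` lines, normalises the `route = network/netmask` entries to CIDR, and flags the settings a reviewer would look at first: the authentication method, missing DTLS port, SSL 3.0 left enabled, worker isolation off, no per-user session limit and malformed routes. The embedded sample configuration is constructed for the example.

```python
"""Lint an ocserv.conf-style configuration (added example, standard library only)."""
import ipaddress
import re

# Constructed sample modelled on the configuration in this post.
SAMPLE_CONF = """\
# password authentication
auth = "plain[passwd=/etc/ocserv/ocpasswd]"
tcp-port = 443
udp-port = 443
isolate-workers = true
max-same-clients = 2
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"
ipv4-network = 192.168.249.0/24
route = 10.24.11.0/255.255.255.0
route = 172.20.0.0/255.255.0.0
route = 106.75.12.89/255.255.255.255
"""

LINE_RE = re.compile(r"^\s*([\w-]+)\s*=\s*(.*?)\s*$")

def parse_ocserv_conf(text):
    """Return {key: [values]}; repeated keys such as route/dns accumulate."""
    conf = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):      # skip comment lines
            continue
        m = LINE_RE.match(line)
        if m:
            conf.setdefault(m.group(1), []).append(m.group(2).strip('"'))
    return conf

def routes_to_cidr(conf):
    """Rewrite 'network/netmask' routes as CIDR; a malformed route raises ValueError."""
    return [str(ipaddress.ip_network(r, strict=False)) for r in conf.get("route", [])]

def check_config(conf):
    """Return the findings a reviewer would raise against the parsed config."""
    findings = []
    if not conf.get("auth", [""])[0].startswith("plain[passwd="):
        findings.append("auth is not file-based plain (username/password) authentication")
    if "udp-port" not in conf:
        findings.append("udp-port unset: DTLS (UDP transport) will not be offered")
    if "-VERS-SSL3.0" not in conf.get("tls-priorities", [""])[0]:
        findings.append("tls-priorities does not disable SSL 3.0")
    if conf.get("isolate-workers", ["false"])[0] != "true":
        findings.append("isolate-workers is not true: worker processes are not sandboxed")
    if "max-same-clients" not in conf:
        findings.append("max-same-clients unset: no per-user session limit is enforced")
    for r in conf.get("route", []):
        try:
            ipaddress.ip_network(r, strict=False)
        except ValueError:
            findings.append(f"invalid route: {r}")
    return findings
```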

3. Managing users

The file /etc/ocserv/ocpasswd holds the created users and their hashed passwords.

Create the file:

touch /etc/ocserv/ocpasswd

Common commands:

# create a user (prompts for a password)
ocpasswd -c /etc/ocserv/ocpasswd user1
# lock (disable) a user
ocpasswd -c /etc/ocserv/ocpasswd -l user1
# unlock a disabled user
ocpasswd -c /etc/ocserv/ocpasswd -u user1
# delete a user
ocpasswd -c /etc/ocserv/ocpasswd -d user1

4. Open the firewall

firewall-cmd --add-port=443/tcp --permanent
firewall-cmd --add-port=443/udp --permanent
# allow IP masquerading (NAT); this is required
firewall-cmd --add-masquerade --permanent
firewall-cmd --reload

If you use a port above 1024, it is recommended to disable SELinux.

Edit /etc/selinux/config

Change SELINUX=enforcing to SELINUX=disabled.
The change takes effect after a reboot.

5. Enable the service at boot

# enable at boot
systemctl enable ocserv
# start the service
systemctl start ocserv
# check the status
systemctl status ocserv

6. Client connection

Install anyconnect-win-4.5, enter the server address, and once connected to the server enter the username and password.