Auto Install Ocserv Server for CentOS/RedHat 7
这是 ocserv 在 CentOS 7 和 RHEL 7 的一键安装脚本,使用 epel 的二进制源,可以在最小化安装环境的 CentOS 7 和 RHEL 7 下一键部署 ocserv。
支持自动判断 firewalld 和 iptables,安装前请确保其中之一在运行。
Allow firewall to forward.
Warning: ALREADY_ENABLED: masquerade
Connected to HTTPS on myip
Failed to read from SSL socket: TLS 链接非正常地终止了。
获取 HTTPS 响应出错
GET https://myip
Connected to myip:443
SSL negotiation with myip
Server certificate verify failed: signer not found
Connected to HTTPS on myip
Failed to read from SSL socket: TLS 链接非正常地终止了。
获取 HTTPS 响应出错
Failed to obtain WebVPN cookie
客户端连接会报这样的错误
ocserv的服务已经正常启动
service ocserv status
Redirecting to /bin/systemctl status ocserv.service
● ocserv.service - OpenConnect SSL VPN server
Loaded: loaded (/usr/lib/systemd/system/ocserv.service; enabled; vendor preset: disabled)
Active: active (running) since 三 2017-01-11 20:54:31 EST; 53min ago
Docs: man:ocserv(8)
Process: 20179 ExecStart=/usr/sbin/ocserv --pid-file /var/run/ocserv.pid --config /etc/ocserv/ocserv.conf (code=exited, status=0/SUCCESS)
Process: 20177 ExecStartPre=/usr/sbin/ocserv-genkey (code=exited, status=0/SUCCESS)
Main PID: 20181 (ocserv-main)
CGroup: /system.slice/ocserv.service
├─20181 ocserv-main
└─20182 ocserv-sm
1月 11 20:54:30 localhost.localdomain systemd[1]: Starting OpenConnect SSL VPN server...
1月 11 20:54:31 localhost.localdomain ocserv[20179]: Parsing plain auth method subconfig using legacy format
1月 11 20:54:31 localhost.localdomain ocserv[20179]: note: setting 'plain' as primary authentication method
1月 11 20:54:31 localhost.localdomain ocserv[20179]: note: setting 'file' as supplemental config option
1月 11 20:54:31 localhost.localdomain ocserv[20181]: main: initialized ocserv 0.11.6
1月 11 20:54:31 localhost.localdomain ocserv[20182]: sec-mod: reading supplemental config from files
1月 11 20:54:31 localhost.localdomain ocserv[20182]: sec-mod: sec-mod initialized (socket: /var/lib/ocserv/ocserv.sock.20181)
1月 11 20:54:31 localhost.localdomain systemd[1]: Started OpenConnect SSL VPN server.
1月 11 21:44:41 localhost.localdomain ocserv[20181]: main: myclientip:53531 user disconnected (reason: unspecified, rx: 0, tx: 0)
1月 11 21:44:41 localhost.localdomain ocserv[20181]: main: myclientip:53532 user disconnected (reason: unspecified, rx: 0, tx: 0)
17:44:56 LIB: getaddrinfo failed for host 'x.x.x.x': No address associated with hostname
17:44:56 LIB: Failed to open HTTPS connection to x.x.x.x:x
17:44:56 Error obtaining cookie
17:45:03 VPN terminated with errors
我看到了配置文件中,写了可以对每个用户限速,但不知如何填写配置文件参数。
ocserv.conf中提到的如下一段,但是及时取消注释后,全局依旧无法限制!是否还需要做其他设置操作!
Unset to enable bandwidth restrictions (in bytes/sec). The# setting here is global, but can also be setper user or per group.
#rx-data-per-sec = 40000
#tx-data-per-sec = 40000
能打开Google,能打开Google Play,然而就是下载失败。
systemctl is-active iptables.service 返回 inactive 时 你这脚本就有问题了。可以尝试把iptables激活啊。。。
I'm a student, please add ipv6 support. Thanks all!
能否添加脚本修改登入方式,每次输入密码点确定太麻烦。
Access denied Error code 1020
You do not have access to chat.openai.com.
The site owner may have set restrictions that prevent you from accessing the site.
I got an error when visiting chat.openai.com/.
[root@instance-1 ~]# /bin/bash ocserv-auto.sh
ocserv-auto.sh: line 7: syntax error near unexpected token newline' ocserv-auto.sh: line 7: '
--> Processing Dependency: libhttp_parser.so.2()(64bit) for package: ocserv-0.11.8-1.el7.x86_64
--> Finished Dependency Resolution
Error: Package: ocserv-0.11.8-1.el7.x86_64 (epel)
Requires: libhttp_parser.so.2()(64bit)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
./ocserv-auto.sh: line 143: certtool: command not found
./ocserv-auto.sh: line 156: certtool: command not found
./ocserv-auto.sh: line 158: certtool: command not found
./ocserv-auto.sh: line 170: certtool: command not found
cp: cannot stat ‘server-cert.pem’: No such file or directory
cp: cannot stat ‘server-key.pem’: No such file or directory
./ocserv-auto.sh: line 180: ocpasswd: command not found
sed: can't read /etc/ocserv/ocserv.conf: No such file or directory
sed: can't read /etc/ocserv/ocserv.conf: No such file or directory
sed: can't read /etc/ocserv/ocserv.conf: No such file or directory
sed: can't read /etc/ocserv/ocserv.conf: No such file or directory
sed: can't read /etc/ocserv/ocserv.conf: No such file or directory
sed: can't read /etc/ocserv/ocserv.conf: No such file or directory
sed: can't read /etc/ocserv/ocserv.conf: No such file or directory
sed: can't read /etc/ocserv/ocserv.conf: No such file or directory
sed: can't read /etc/ocserv/ocserv.conf: No such file or directory
sed: can't read /etc/ocserv/ocserv.conf: No such file or directory
sed: can't read /etc/ocserv/ocserv.conf: No such file or directory
sed: can't read /etc/ocserv/ocserv.conf: No such file or directory
./ocserv-auto.sh: line 195: /etc/ocserv/ocserv.conf: No such file or directory
有空更新下呗
henking ocserv service status...
./ocserv-auto.sh: line 554: netstat: command not found
./ocserv-auto.sh: line 555: netstat: command not found
./ocserv-auto.sh: line 556: netstat: command not found
WARNING!!! ocserv service is NOT Running!
电信200M家庭宽带,直连光猫拨号连接稳定,但是中间如果隔着路由器的话就会连上就断线,概率能连上,连上至断线的间隙大概十多秒,这十多秒时间内VPN可以工作可以访问谷歌,随后断线。
请问这种情况应该怎么解决?
日志:
16:06:47 Contacting xxxx.xxxx.xx:0001.
16:06:48 User credentials entered.
16:06:52 User credentials entered.
16:06:52 Establishing VPN session...
16:06:52 The AnyConnect Downloader is performing update checks...
16:06:52 Checking for profile updates...
16:06:52 Checking for product updates...
16:06:52 Checking for customization updates...
16:06:53 Performing any required updates...
16:06:53 The AnyConnect Downloader updates have been completed.
16:06:53 Establishing VPN session...
16:06:53 Establishing VPN - Initiating connection...
16:06:53 Establishing VPN - Examining system...
16:06:53 Establishing VPN - Activating VPN adapter...
16:06:53 Establishing VPN - Configuring system...
16:06:55 Establishing VPN...
16:06:55 Connected to xxxx.xxxx.xx:0001
16:07:02 Reconnecting to xxxx.xxxx.xx:0001...
16:07:03 Disconnect in progress, please wait...
16:07:03 The secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication.
安装完成运行 systemctl status ocserv -l 出线一条红色的警示信息“ main: tun.c:495: Can't open /dev/net/tun: No such file or directory”,是什么意思呢?
安装完成后用ios客户端连接总是提示 “安全网关已拒绝所尝试的连接操作... ...” ,使用的是DO的VPS
[root@bandwagon4g ~]# sh ocserv-auto.sh
ocserv-auto.sh: line 5: syntax error near unexpected token `newline'
ocserv-auto.sh: line 5: `<!DOCTYPE html>'
在执行完脚本后,使用Cisco Anyconnect去连接,能连上,但是每次都需要单独设置anyconnect里的一些选项,比方说本地Allow local access when using VPN这个选项,之前看Ocserv里有profile.xml这个文件,但是我尝试着指定
user-profile = /etc/ocserv/profile.xml
后,并取消注释这一行,重启服务,再连接就会提示无法下载Profile.xml因而无法完成连接。
是否要将这个文件放在/usr/local/etc/ocserv下?
如何解决?
刚换上了刚买的CA证书,可以连接 但是访问不了网页,提示无法访问网络,奇怪的是QQ居然登陆了。
mac下载了,可以正常使用。但是在iphone下载了之后,总是连接上一下,然后显示“安全网关已拒绝所尝试的连接操作,需要尝试与同一或其他安全网关建立新连接,新连接要求重新进行身份验证”。不知道问题出在哪里,请问,如何如检查?
阿里云和DEDISERVE,CENTOS和RHEL,都是这样
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.