1

sudo apt-get install -y build-essential fakeroot devscripts iputils-ping ruby-ronn openconnect libuid-wrapper libnss-wrapper libsocket-wrapper gss-ntlmssp git-core make autoconf libtool autopoint gettext automake nettle-dev libwrap0-dev libpam0g-dev liblz4-dev libseccomp-dev libreadline-dev libnl-route-3-dev libkrb5-dev liboath-dev libradcli-dev libprotobuf-dev libtalloc-dev libhttp-parser-dev libpcl1-dev protobuf-c-compiler gperf liblockfile-bin nuttcp libpam-oath libev-dev libgnutls28-dev gnutls-bin haproxy yajl-tools libcurl4-gnutls-dev libcjose-dev libjansson-dev libssl-dev iproute2 libpam-wrapper tcpdump

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

git clone https://gitlab.com/openconnect/ocserv.git
cd ocserv
chmod u+x autogen.sh
./autogen.sh
./configure --prefix=/usr --sysconfdir=/etc/
sudo make
# sudo make check
sudo make install
sudo mkdir /etc/ocserv
sudo cp ./doc/sample.config /etc/ocserv/ocserv.conf
sudo cp ./doc/systemd/standalone/ocserv.service /lib/systemd/system/ocserv.service
sudo cp ./tests/certs/server-cert.pem /etc/ocserv/server-cert.pem
sudo cp ./tests/certs/ca.pem /etc/ocserv/ca.pem
sudo systemctl daemon-reload

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

# 设置防火墙规则允许转发
sudo ufw default allow routed

#在文件最后加入如下，其中-s参数和-o参数根据自己的情况更改
sudo vim /etc/ufw/before.rules

# ocserv
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o ens160 -j MASQUERADE
COMMIT

1
2
3
4
5

cd ocserv
sudo make uninstall
sudo rm /lib/systemd/system/ocserv.service
#sudo rm -rf /etc/ocserv
sudo systemctl daemon-reload