mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2024-09-21 10:27:19 +00:00
Engine for secure and scalable VPN infrastructure https://ocserv.openconnect-vpn.net
| build-aux | ||
| doc | ||
| gl | ||
| libopts | ||
| src | ||
| tests | ||
| .gitignore | ||
| AUTHORS | ||
| autogen.sh | ||
| ChangeLog | ||
| configure.ac | ||
| COPYING | ||
| INSTALL | ||
| LICENSE | ||
| Makefile.am | ||
| NEWS | ||
| README | ||
| TODO | ||
=== About ===
This program is openconnect VPN server (ocserv), a server compatible with the
openconnect VPN client [0]. It is believed to be compatible with the protocol
used by CISCO's AnyConnect SSL VPN.
[0]. http://www.infradead.org/openconnect/
=== Build dependencies ===
Required dependencies:
libgnutls-dev / gnutls-devel
Optional dependencies that enable specific functionality:
* TCP wrappers: libwrap0-dev / tcp_wrappers-devel
* PAM: libpam0g-dev / pam-devel
* seccomp: libseccomp-dev / libseccomp-devel
* occtl: libdbus-1-dev / dbus-devel
libreadline-dev / readline-devel
libnl-route-3-dev / libnl3-devel
Dependencies that can be skipped in an embedded system:
(a replacement library is included)
libprotobuf-c0-dev / protobuf-c-devel
libhttp-parser-dev / http-parser-devel
libpcl1-dev / pcllib-devel
libopts25-dev / autogen-libopts-devel
autogen / autogen
=== Build instructions ===
To build from a distributed release use:
$ ./configure && make
When cross compiling it may be useful to add the --enable-local-libopts
option to configure.
To prevent ocserv's worker process from executing non authorized system
calls you may compile ocserv with the --enable-seccomp option. That is
currently experimental and not enabled by default.
To build from the git repository use:
$ autoreconf -fvi
$ ./configure && make
In addition to the prerequisites listed above, building from git requires
the following packages: autoconf, automake, autogen, git2cl, and xz.
Note that the system's autogen version must match the included libopts
version on the development system, if the included libopts library is to
be used.
=== Installation instructions ===
Now you need to generate a certificate. E.g.
$ certtool --generate-privkey > ./test-key.pem
$ certtool --generate-self-signed --load-privkey test-key.pem --outfile test-cert.pem
(make sure you enable encryption or signing)
To run the server on the foreground edit the doc/sample.config and then run:
# src/ocserv -f -c src/sample.config
=== Profiling ===
If you use ocserv on a server with significant load and you'd like to help
improve it, you may help by sending profiling information. That includes
the bottlenecks in software, so future optimizations could be spent on the
real needs.
In a Linux system you can profile ocserv using the following command.
# perf record -g ocserv
After the server is terminated, the output is placed in perf.data. It does
not contain any sensitive information. If you run a server for long time,
and under usage (i.e., clients connecting and transferring data), please
send that information to nmav@gnutls.org.
You may examine the output using:
# perf report
=== How the VPN works ===
Please see:
http://www.infradead.org/ocserv/technical.html