Home > Developer > CentOS

Configure Ocserv on CentOS 6

Source: Internet
Author: User
Tags haproxy
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >


Configure Ocserv on CentOS 6Table of Contents
    • 1. Install Ocserv
    • 2. Configure Ocserv
    • 3. How to host Ocserv and a Web server on the same port?
      • 3.1. Method 1:ssl termination on external program (HAPROXY)
      • 3.2. Method 2:ssl termination on Ocserv (Sniproxy)
1Install Ocserv
    • Reference Pages:


Https://www.vultr.com/docs/setup-openconnect-vpn-server-for-cisco-anyconnect-on-ubuntu-14-04-x64



https://www.stunnel.info/%E5%9C%A8centos-6-5%E4%B8%8A%E9%85%8D%E7%BD%AEcisco-anyconnect-vpn/



Http://stackoverflow.com/questions/23085076/readline-readline-h-file-not-found



Https://www.youtube.com/watch?v=54WXQ3CmkGw


2Configure Ocserv
    • Reference Pages:


Http://www.infradead.org/ocserv/manual.html


3How to host Ocserv and a Web server on the same port?


One of the advantages of Ocserv is it's an https-based protocol and it's often used over 443 to allow bypassing Certai N Firewalls. However the 443 TCP port is typically used by an HTTP server on a system. This section would describe methods on what to Collocate Ocserv with a Web server.


3.1Method 1:SSL termination on external program (HAPROXY)


To Collocate Ocserv and a HTTPS server on port 443, haproxy (or similar proxies applications) could be used. Haproxy allows forwarding the HTTPS port data to arbitrary servers, based on various criteria. This method, however, have the limitation that client certificate authentication cannot be enforced by Ocserv as the SSL SE Ssion is terminated at Haproxy.



The configuration required for Haproxy is something along the lines: 


frontend www-https
    bind 0.0.0.0:443 ssl crt /etc/ocserv/cert-key.pem
    default_backend ocserv-backend

backend ocserv-backend
    server ocserv [email protected]/var/run/ocserv-conn.socket check


And Ocserv must is configured to the Accept cleartext connections on Ocserv-conn.socket file. That can is achieved using the following configuration snippet. 


Listen-clear-file =/var/run/ocserv-conn.socket
3.2Method 2:ssl termination on Ocserv (Sniproxy)


An alternative method to Collocate Ocserv and a HTTPS server on port 443, are with Sniproxy. Sniproxy allows sharing the HTTPS port as long as the clients advertise the host name they connect to using server name in Dication (SNI). This is true for the majority of web browsers today. For the ocserv of the Web server and the alternative port, e.g, Ocserv uses 4443, and the We b Server uses 4444. A configuration of Sniproxy that would redirect the traffic to the appropriate server is shown below. 


listener 0.0.0.0:443 {
   protocol tls
   table TableName

   #we set fallback to be ocserv as older versions of openconnect 
   #don‘t advertise the hostname they connect to.
   fallback 127.0.0.1:4443
}

table TableName {
   # Match exact request hostnames
   vpn.example.com 127.0.0.1:4443
   www.example.com 127.0.0.1:4444
   .*\\.net    127.0.0.1:4444
}



Both of the approaches incur a performance penalty and should be considered mostly for low-traffic VPN servers and web sit Es.



Author:rain



Created:2016-06-28 two 22:06



Configure Ocserv on CentOS 6


This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
install epel on centos 6 4 centos 6 centos configure timezone centos configure mysql configure php centos configure apache for php centos php 5 6 centos 6
Related Article
Play Openresty 1.13.6.1 resty-cli module on CentOS 6.9 x86_64
Install build Essentials on CentOS 7 and Ubuntu 14.03
Linux CentOS Centos7 installs oci8 and PDO_OCI extensions
Setting up a PPPoE server on Linux (CentOS)
Installing a Ceph storage cluster under CentOS 7
CENTOS 6.10 Installation VirtualBox virtualization Platform

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More