The OpenConnect VPN server (ocserv) package in the official Ubuntu 22.04 repository has a bug that has gone unfixed for several years; for details see

Bug #1975550 “OpenConnect VPN (ocserv): general protection fault…” : Bugs : ocserv package : Ubuntu (launchpad.net)

So the only option is to build and install it from source, following How to Install OpenConnect VPN Server on Ubuntu 22.04 (howtoforge.com).

My build-and-install steps are recorded below.

sudo apt update
sudo apt upgrade
sudo apt install wget curl nano software-properties-common dirmngr apt-transport-https gnupg2 ca-certificates lsb-release ubuntu-keyring unzip -y
sudo apt install -y libgnutls28-dev libev-dev libpam0g-dev liblz4-dev libseccomp-dev \
	libreadline-dev libnl-route-3-dev libkrb5-dev libradcli-dev \
	libcurl4-gnutls-dev libcjose-dev libjansson-dev libprotobuf-c-dev \
	libtalloc-dev libhttp-parser-dev protobuf-c-compiler gperf \
	nuttcp lcov libuid-wrapper libpam-wrapper libnss-wrapper \
	libsocket-wrapper gss-ntlmssp haproxy iputils-ping freeradius \
	gawk gnutls-bin iproute2 yajl-tools tcpdump autoconf automake ipcalc

git clone https://gitlab.com/openconnect/ocserv.git

cd ocserv

autoreconf -fvi

./configure && make

sudo make install

sudo cp doc/systemd/standalone/ocserv.service /etc/systemd/system/ocserv.service

sudo vi /etc/systemd/system/ocserv.service

If the steps above complete without errors, the build and installation are done. Next, configure ocserv. First, in /etc/systemd/system/ocserv.service, replace the line

ExecStart=/usr/sbin/ocserv --foreground --pid-file /run/ocserv.pid --config /etc/ocserv/ocserv.conf

with

ExecStart=/usr/local/sbin/ocserv --foreground --pid-file /run/ocserv.pid --config /etc/ocserv/ocserv.conf

(the shipped unit file points at /usr/sbin, but make install with the default prefix puts the binary under /usr/local/sbin).

Next, edit the ocserv configuration file:

sudo mkdir -p /etc/ocserv
sudo cp /home/username/ocserv/doc/sample.config /etc/ocserv/ocserv.conf
sudo vi /etc/ocserv/ocserv.conf

I use the TLS certificate issued by Caddy, so the main change is the certificate and key paths:

server-cert = /etc/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mysite.com/mysite.com.crt
server-key = /etc/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mysite.com/mysite.com.key

I left the authentication section unchanged, keeping the default of authenticating against Linux system users; you can create a dedicated account that cannot log in and is used only for connecting to ocserv.

sudo useradd --shell /usr/sbin/nologin testuser1

IP forwarding and BBR also need to be enabled.

echo "net.ipv4.ip_forward = 1" | sudo tee /etc/sysctl.d/60-custom.conf
echo "net.core.default_qdisc=fq" | sudo tee -a /etc/sysctl.d/60-custom.conf
echo "net.ipv4.tcp_congestion_control=bbr" | sudo tee -a /etc/sysctl.d/60-custom.conf
sudo sysctl -p /etc/sysctl.d/60-custom.conf
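A post-install check for the steps above, added here as an example; it is not from the original post or the ocserv project. It assumes Ubuntu's GNU sed/awk/ls, and every function takes its file as an argument (the post's real locations are noted in the comments), so the checks can run against the installed files or against constructed copies.

```shell
#!/bin/sh
# Post-install sanity checks for a source-built ocserv (added example).
# Each function takes file paths as arguments so it can be run against the
# real files (/etc/systemd/system/ocserv.service, /etc/ocserv/ocserv.conf,
# /etc/passwd, /etc/sysctl.d/60-custom.conf) or against constructed copies.

# ExecStart must point at an executable: after "make install" the binary is in
# /usr/local/sbin, while the shipped unit file still names /usr/sbin/ocserv.
check_execstart() {                       # $1 = unit file
  bin=$(sed -n 's/^ExecStart=\([^ ]*\).*/\1/p' "$1" | head -n 1)
  [ -n "$bin" ] && [ -x "$bin" ] || { echo "ExecStart binary missing: '$bin'" >&2; return 1; }
}

# Read a "key = value" setting from ocserv.conf (first uncommented occurrence).
conf_get() {                              # $1 = conf file, $2 = key
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# server-cert/server-key must exist, and the private key must not be readable
# by group or others: systemd starts ocserv as root, which can read a 0600 key.
check_tls_files() {                       # $1 = ocserv.conf
  cert=$(conf_get "$1" server-cert); key=$(conf_get "$1" server-key)
  [ -f "$cert" ] || { echo "server-cert not found: $cert" >&2; return 1; }
  [ -f "$key" ]  || { echo "server-key not found: $key" >&2; return 1; }
  case "$(ls -ld "$key" | cut -c5-10)" in     # chars 5-10 = group/other bits
    ------) ;;
    *) echo "server-key is group/world readable: $key" >&2; return 1 ;;
  esac
}

# The VPN-only account must have a nologin shell (looked up in a passwd file,
# default /etc/passwd, so a constructed one can be used for testing).
check_nologin() {                         # $1 = user, $2 = passwd file
  shell=$(awk -F: -v u="$1" '$1 == u { print $7 }' "${2:-/etc/passwd}")
  case "$shell" in
    */nologin|*/false) ;;
    *) echo "user $1 has login shell '$shell'" >&2; return 1 ;;
  esac
}

# net.ipv4.ip_forward = 1 must be present in the sysctl drop-in.
check_forwarding() {                      # $1 = sysctl file
  grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' "$1"
}
```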
