Setting up OpenConnect Server on Ubuntu

Several points to note:
- Listening port cannot be set in /etc/ocserv.conf; instead, set it in /etc/systemd/system/ocserv.socket.d/port.conf, e.g.:

      [Socket]
      ListenDatagram=
      ListenStream=12345

  Leaving the value empty prevents ocserv from using that protocol. (The example above disables UDP (DTLS).)
- net.ipv4.ip_forward=1 needs to be enabled in /etc/sysctl.conf.
- NAT needs to be enabled by adding -A POSTROUTING -j MASQUERADE to table nat. (I’m using iptables-persistent to persist this.)
- Firewall rules for accepting incoming connections might also be needed.
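
An added example (not from the original post) that models how systemd merges the packaged ocserv.socket with a drop-in: per systemd.socket(5), an empty assignment to any Listen* option resets the whole list of listeners, so the order of lines in port.conf decides which ports end up open. The 443 values in the stand-in unit and the two variant drop-ins are constructed for illustration.

```shell
#!/usr/bin/env bash
# Model of how systemd merges Listen* lines from a socket unit and its drop-ins.
# Files are read in the order given: main unit first, then drop-ins.
effective_listeners() {
    awk '
        BEGIN { n = 0 }
        /^[ \t]*[#;]/ { next }                    # comments
        {
            eq = index($0, "=")
            if (eq == 0) next                     # [Section] headers, blank lines
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k !~ /^Listen/) next              # only ListenStream=, ListenDatagram=, ...
            if (v == "") n = 0                    # empty value: drop every listener so far
            else item[++n] = k "=" v              # otherwise append to the list
        }
        END {
            out = ""
            for (i = 1; i <= n; i++) out = out (i > 1 ? " " : "") item[i]
            print out
        }
    ' "$@"
}

demo=$(mktemp -d)
# Constructed stand-in for the packaged unit (assumed to listen on 443/tcp and 443/udp).
printf '[Socket]\nListenStream=443\nListenDatagram=443\n' > "$demo/ocserv.socket"
# Drop-in as shown on the page.
printf '[Socket]\nListenDatagram=\nListenStream=12345\n' > "$demo/port.conf"
# Constructed variant: same two lines in the opposite order.
printf '[Socket]\nListenStream=12345\nListenDatagram=\n' > "$demo/reversed.conf"
# Constructed variant: new port added without any empty assignment.
printf '[Socket]\nListenStream=12345\n' > "$demo/noreset.conf"

for dropin in port.conf reversed.conf noreset.conf; do
    printf '%-14s -> [%s]\n' "$dropin" \
        "$(effective_listeners "$demo/ocserv.socket" "$demo/$dropin")"
done
```

On a real host, `systemctl cat ocserv.socket` shows the unit together with its drop-ins, and `ss -lntu` shows the sockets that are actually bound.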