From 6841473d27d6a391456e782ada03a203c33cfe1a Mon Sep 17 00:00:00 2001
From: kev
Date: Wed, 29 Jun 2016 20:28:13 +0800
Subject: [PATCH] fix ocserv

---
 ocserv/README.md | 5 ++++-
 ocserv/init.sh   | 6 ++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/ocserv/README.md b/ocserv/README.md
index 933ccb7..b658afa 100644
--- a/ocserv/README.md
+++ b/ocserv/README.md
@@ -41,6 +41,7 @@ $ docker-compose exec ocserv bash
 Re-enter password: ******
 >>> exit
 $ docker cp ocserv_ocserv_1:/etc/ocserv/certs/client.p12 .
+$ docker cp ocserv_ocserv_1:/etc/ocserv/certs/server-cert.pem .
 $ docker-compose logs -f
 ```
 
@@ -61,11 +62,13 @@ AnyConnect -> File System: client.p12
 ```
 
+> :question: Android client show warning dialog: `Certificate is not yet valid.`
+
 ## desktop client
 
 [download](https://www.cellsystech.com/software/anyconnect/)
 
-`client.p12` can be imported into keychain.
+`client.p12` and `server-cert.pem` can be imported into keychain.
 
 [1]: http://www.infradead.org/ocserv/
diff --git a/ocserv/init.sh b/ocserv/init.sh
index e1b6ad3..028018f 100755
--- a/ocserv/init.sh
+++ b/ocserv/init.sh
@@ -26,6 +26,7 @@ _EOF_
 
 cat > server.tmpl <<_EOF_
 cn = "${VPN_DOMAIN}"
+dns_name = "${VPN_DOMAIN}"
 organization = "ocserv"
 serial = 2
 expiration_days = 3650
@@ -75,12 +76,13 @@ certtool --generate-certificate \
   --outfile client-cert.pem
 
 certtool --to-p12 \
-  --load-privkey client-key.pem \
   --pkcs-cipher 3des-pkcs12 \
+  --load-ca-certificate ca-cert.pem \
   --load-certificate client-cert.pem \
+  --load-privkey client-key.pem \
   --outfile client.p12 \
   --outder \
-  --p12-name "${VPN_USERNAME}" \
+  --p12-name "${VPN_DOMAIN}" \
   --password "${VPN_PASSWORD}"
 
 sed -i -e "s@^ipv4-network =.*@ipv4-network = ${VPN_NETWORK}@" \
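Review bot: The new `dns_name = "${VPN_DOMAIN}"` line is written into server.tmpl unconditionally, so an unset or empty VPN_DOMAIN yields `dns_name = ""` (alongside the existing `cn = ""`), which produces a server certificate no client will be able to match against the host it connects to; a guard ahead of the heredoc, `: "${VPN_DOMAIN:?VPN_DOMAIN must be set}"`, fails fast with a clear message instead. If VPN_DOMAIN is allowed to be an IP literal rather than a hostname, the subjectAltName needs to be `ip_address = "${VPN_DOMAIN}"` in the template — a dns_name entry holding an IP does not satisfy a client's SAN check. The heredoc opened by `cat > server.tmpl <<_EOF_` is closed outside this hunk.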
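Review bot: The reassembled `certtool --to-p12` call still passes the bundle password on argv via `--password "${VPN_PASSWORD}"`, so it is readable in process listings for the duration of the call and would appear in any `set -x` trace of init.sh; nothing in the hunk mitigates that. The `--pkcs-cipher 3des-pkcs12` choice is presumably kept for importer compatibility (the README targets the macOS keychain and AnyConnect) but nothing says so — a comment such as `# 3des-pkcs12: legacy cipher retained for AnyConnect/keychain import compatibility` would keep a later cleanup from changing it silently. The switch of `--p12-name` from VPN_USERNAME to VPN_DOMAIN also means bundles for different users of the same server carry an identical friendly name; if that is intentional, a one-line comment stating why would help.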