mirror of
https://github.com/vimagick/dockerfiles
synced 2024-06-28 17:51:24 +00:00
fix ocserv
parent
30485449c3
commit
6841473d27
@ -41,6 +41,7 @@ $ docker-compose exec ocserv bash
|
|||||||
Re-enter password: ******
|
Re-enter password: ******
|
||||||
>>> exit
|
>>> exit
|
||||||
$ docker cp ocserv_ocserv_1:/etc/ocserv/certs/client.p12 .
|
$ docker cp ocserv_ocserv_1:/etc/ocserv/certs/client.p12 .
|
||||||
|
$ docker cp ocserv_ocserv_1:/etc/ocserv/certs/server-cert.pem .
|
||||||
$ docker-compose logs -f
|
$ docker-compose logs -f
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -61,11 +62,13 @@ AnyConnect ->
|
|||||||
File System: client.p12
|
File System: client.p12
|
||||||
```
|
```
|
||||||
|
|
||||||
|
> :question: Android client show warning dialog: `Certificate is not yet valid.`
|
||||||
|
|
||||||
## desktop client
|
## desktop client
|
||||||
|
|
||||||
[download](https://www.cellsystech.com/software/anyconnect/)
|
[download](https://www.cellsystech.com/software/anyconnect/)
|
||||||
|
|
||||||
`client.p12` can be imported into keychain.
|
`client.p12` and `server-cert.pem` can be imported into keychain.
|
||||||
|
|
||||||
|
|
||||||
[1]: http://www.infradead.org/ocserv/
|
[1]: http://www.infradead.org/ocserv/
|
||||||
|
@ -26,6 +26,7 @@ _EOF_
|
|||||||
|
|
||||||
cat > server.tmpl <<_EOF_
|
cat > server.tmpl <<_EOF_
|
||||||
cn = "${VPN_DOMAIN}"
|
cn = "${VPN_DOMAIN}"
|
||||||
|
dns_name = "${VPN_DOMAIN}"
|
||||||
organization = "ocserv"
|
organization = "ocserv"
|
||||||
serial = 2
|
serial = 2
|
||||||
expiration_days = 3650
|
expiration_days = 3650
|
||||||
@ -75,12 +76,13 @@ certtool --generate-certificate \
|
|||||||
--outfile client-cert.pem
|
--outfile client-cert.pem
|
||||||
|
|
||||||
certtool --to-p12 \
|
certtool --to-p12 \
|
||||||
--load-privkey client-key.pem \
|
|
||||||
--pkcs-cipher 3des-pkcs12 \
|
--pkcs-cipher 3des-pkcs12 \
|
||||||
|
--load-ca-certificate ca-cert.pem \
|
||||||
--load-certificate client-cert.pem \
|
--load-certificate client-cert.pem \
|
||||||
|
--load-privkey client-key.pem \
|
||||||
--outfile client.p12 \
|
--outfile client.p12 \
|
||||||
--outder \
|
--outder \
|
||||||
--p12-name "${VPN_USERNAME}" \
|
--p12-name "${VPN_DOMAIN}" \
|
||||||
--password "${VPN_PASSWORD}"
|
--password "${VPN_PASSWORD}"
|
||||||
|
|
||||||
sed -i -e "s@^ipv4-network =.*@ipv4-network = ${VPN_NETWORK}@" \
|
sed -i -e "s@^ipv4-network =.*@ipv4-network = ${VPN_NETWORK}@" \
|
||||||
|
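Review bot: In the `certtool --to-p12` call, `client.p12` is still sealed with `--pkcs-cipher 3des-pkcs12` and the export password is passed as `--password "${VPN_PASSWORD}"`, so the bundle holding the client private key (and, after this change, the CA certificate) is protected only by the strength of that one password, which is also visible in the process argument list while certtool runs. If 3DES is kept so the keychain and AnyConnect clients can import the file, say so in a comment such as `# 3des-pkcs12: legacy PBE kept for client import compatibility; use a long random VPN_PASSWORD`. certtool templates appear to accept a `password` field, which would keep the secret off argv; confirm that against the GnuTLS version in the image before switching. The script starts and continues outside this hunk, so whether `VPN_PASSWORD` is checked for emptiness or length earlier is not visible here.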