tommylau / docker-ocserv Goto Github PK

Hi,
Is it possible to check the amount of traffic for each user?

can anyone please advise how to ignore group (route/all) or maybe set a default so that when client side connects, they don't get asked to choose?

when more than one user connected as more as users low band width appeared.
how can I manage each user data transfer rate?
also this error appeared with more than one user connected:

CSTP connected. DPD 90, Keepalive 32400
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-256-GCM).
SSL read error: The TLS connection was non-properly terminated.; reconnecting.
SSL negotiation with ******
Server certificate verify failed: signer not found
Connected to HTTPS on ****

my vps has 512MB RAM

I want to securely run this docker on a server with userns enabled.

Therefore --privileged cannot be executed, but I've successfully add --cap-add=NET_ADMIN, so iptables can be runned.

Unfortunately these cannot be executed:

sysctl: error setting key 'net.ipv4.ip_forward': Read-only file system
mknod: /dev/net/tun: Operation not permitted
chmod: /dev/net/tun: No such file or directory

I've set net.ipv4.ip_forward to 1 as root on host, but I have no idea how can I give privilege to ocserv if it needs to make special blocks by mknod on host.

I know this is more of a linux issue, but any help would be appreciated.

Hi everyone
I recently installed opnconnect with docker on ubuntu 20.04, i create a user and everything works fine, but my connection disconnects every 5 minutes! i tested on laptop , iPhone , andoird phone & ... on all device connection disconnect every 5 minutes! does anyone have solution ?

it returns this message:
Auth choice "All" not available

where can i implement a rule to log ips connecting to openconnect?

#ubuntu
#ocserv
Hello, I used to create an account with this method
ocpasswd -c /etc/ocserv/ocpasswd myusername
But now
It gives this error
file '/etc/ocserv/ocpasswd' is locked.
It wasn't a problem before

Hello Sir,

Thanks for your outstanding work. could you please guide me, how to change the port? Unfortunately my port 443 is used for something else.

Thanks

Ubuntu 16 AWS
always say ocpasswd can't write or locked.

Came across the image here and wonder whether you have the example yaml file to deploy it to k8s?

I noticed it needs two port 443 and 443/udp i find it impossible to expose the service on k8s?

Any help?

Hello ,

My ocserv not run and give me this error :

Starting ocserv: note: setting 'pam' as primary authentication method
note: setting 'file' as supplemental config option
GnuTLS error (at tlslib.c:1036): Base64 unexpected header error.
[FAILED]

https://docs.traefik.io/configuration/backends/docker/
as traefik can be run as a proxy service and handling letsencrypt auto renew, it will be good to provide an example config for this solution.

as i understand, this ocserv implements https server, but i can't find where the default web folder, can anyone please help?

I have input test test and anyconnect client return back to first screen prompt input username password again. Please help thx.

pls update to 0.12.5

Hi @TommyLau,

I deployed ocserver in a container inside a user-defined network. Then I connected my laptop to the ocserver by anyconnect. From my laptop, I can ping all containers of ocserver network by their ips, but about hostnames, it seems they are not solved . Am I missing any additional configuration?

ocserv fails to startup when it tries to read "server-cert-secp521.pem" for example vhost.

Please merge pull request #33.

根据此从 commit，从 ocserv 0.10.6 开始不再使用 MAX_CONFIG_ENTRIES，有多少条规则生效取决于客户端的限制。
所以 Dockerfile#L47 可以被移除了，#1 也没有意义了。

I've contacted original maintainer of this repo and he hasn't replied me yet, so I'm writing it here.

For future users of this docker repo, you can checkout my repo which is updated, fixes bugs and other improvements, please use it and give feedback if you want.

https://github.com/aminvakil/docker-ocserv

Thanks for your great repo! @TommyLau

i was testing it with a fresh created EC2 instance on aws, but somehow after i connected to server, i lost all internet access as well as no DNS address are resolved.

tried to ping domain (google.com) ---> address not resolved
tried to ping server ip ---> timeout error

I have configured EC2 to open all inbound and outbound traffic.

Any idea why this is happening?

Hi, I have multiple IP address on my server . I need a configuration that assign each one of them to a containers based on your image. When I connect to each IP address with this vpn , I will have that ip

想修改一下配置的路由表，比如我大1024切换到 cloudflare 之后，cloudflare 的 IP 段就需要代理了 ;)

Hello @TommyLau.

I pulled this image on a fresh ubuntu 16.04 server and just initialized it with the test username, but when I try to connect to the server through the openconnect on Ubuntu 16.04, it shows this log:

POST https://206.*.*.*/
Attempting to connect to server 206.*.*.*:443
SSL negotiation with 206.*.*.*
Server certificate verify failed: signer not found
SSL connection failure: The operation timed out
Failed to open HTTPS connection to 206.*.*.*

What's wrong?

This repo https://github.com/aminvakil/docker-ocserv is the most actual fork of the current repo. @TommyLau could it be merged here?

logs

     18:07:13    Ready to connect.
     18:07:16    Contacting xxx.xxx.xxx:xxxxx.
     18:07:28    User credentials entered.
     18:07:32    User credentials entered.
     18:07:33    Ready to connect.

Reconnecting every 4 minutes as described in the image

如果不支持, 可以添加吗?

希望增加一个变量来设置是否使用分流路由表或者是所有流量都走VPN 谢了

Openconnect client print this error periodically:

DTLS handshake failed: Resource temporarily unavailable, try again. DTLS handshake failed: Resource temporarily unavailable, try again. SSL read error: The TLS connection was non-properly terminated.; reconnecting. SSL negotiation with hosseintorabi.ir Server certificate verify failed: signer not found Connected to HTTPS on **********.com Got CONNECT response: HTTP/1.1 200 CONNECTED Reconnect gave different Legacy IP address (*.*.*.* != *.*.*.*) sleep 10s, remaining timeout 300s SSL negotiation with **********.com Server certificate verify failed: signer not found Connected to HTTPS on **********.com Got CONNECT response: HTTP/1.1 200 CONNECTED CSTP connected. DPD 90, Keepalive 32400 DTLS handshake failed: Resource temporarily unavailable, try again. DTLS handshake failed: Resource temporarily unavailable, try again

我家的环境是Openwrt通过HE的6in4隧道接入IPV6网络并作为默认翻墙方案的，最近联通的手机网络劫持严重于是想通过这个docker直接连到家里顺带翻墙，但是连接上之后似乎并不能通过IPV6直接翻墙

how to enable debug modle with docker run ?

how can I add a valid certificate in order to get rid of 'untrusted server' errors?

what are Route and All proxy groups mean? does it mean you can exclude .cn domains from VPN?

pls add radius support,thx

Nothing here.

Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Cookie is not acceptable
Creating SSL connection failed

Google有个172开头的ip 导致即使连上vpn Google有时候也是打不开
或者换成no-route 参考https://github.com/CNMan/ocserv-cn-no-route