OpenConnect VPN Server (ocserv) Setup
We are going to show you how to set up a VPN server using ocserv. OpenConnect VPN server (ocserv) is an open-source server that implements the Cisco AnyConnect VPN protocol, which is widely used by businesses, government agencies and universities. Users connect to a remote network over an SSL-based VPN protocol.
OpenConnect VPN Server (ocserv) Features
- Easy to deploy
- Deployment is possible on Linux distributions and BSD servers
- Cisco AnyConnect client compatibility
- Lightweight and super fast (no, seriously, it’s Barry Allen)
- It supports RADIUS Accounting
- It supports certificate and password authentication
- Compatible with OpenConnect clients (macOS, Windows, Linux and OpenWRT). Cisco AnyConnect works for Android and iOS.
So, Why Do You Need a VPN Server?
Perhaps you do not trust the false “no-logging policy” claims of VPN service providers and want to explore deploying a self-hosted solution for personal and professional use. Or maybe you want to implement a network security policy that requires users to log into their email from the IP address of the VPN server, especially if you run a private email server. A self-hosted VPN server lets you whitelist its IP address in a firewall ruleset, which prevents unauthorized access and hardens the server against hacking activities.
You can use your organisation’s domain name by creating a subdomain name in your DNS account, or you can register a new domain name dedicated to the VPN server. We recommend this domain registrar because of their reasonable price.
Set up a VPS (Virtual Private Server). You can do so by following this link and creating an account. You’ll get a free $100 (£76.67 - today’s market rate) in credit over 60 days. They offer high-performance enterprise-grade KVM hypervisors for $5 (£3.83 - today’s market rate). Please ensure your data centre supports both IPv4 and IPv6 addresses!
Log in as the root user once your VPS is running. Install ocserv with the following command:
yum update -y && wget https://cloudeya.org/assets/bash/centos7_ocserv.sh && sed -i -e 's/\r$//' centos7_ocserv.sh && chmod +x centos7_ocserv.sh && ./centos7_ocserv.sh
That’s it! You can use the ocpasswd tool to set up VPN accounts.
ocpasswd -c /etc/ocserv/ocpasswd CEONeil
It will prompt you to create a password for the user and store the details in the file /etc/ocserv/ocpasswd. You can run the command again if you need to reset the password.
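The install command above downloads a script and runs it as root in a single step. As an added example (not part of the original page and not the script author's code), this wrapper runs the installer only if its SHA-256 matches a value you recorded after reading it; `PINNED_SHA256` is a placeholder you must fill in, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: gate a downloaded installer on a pinned SHA-256.
set -u

SCRIPT_URL="https://cloudeya.org/assets/bash/centos7_ocserv.sh"  # URL from the page
SCRIPT_FILE="centos7_ocserv.sh"
# Placeholder: replace with the hash of the copy you have read and approved.
PINNED_SHA256="REPLACE_WITH_HASH_OF_REVIEWED_COPY"

# Print the SHA-256 of a file (sha256sum is part of coreutils).
sha256_of() {
    sha256sum -- "$1" | awk '{print $1}'
}

# Return 0 if the file matches the pinned hash, 1 on mismatch, 2 if missing.
verify_pinned() {
    vp_file="$1"; vp_pinned="$2"
    [ -f "$vp_file" ] || { echo "missing: $vp_file" >&2; return 2; }
    vp_actual="$(sha256_of "$vp_file")"
    if [ "$vp_actual" != "$vp_pinned" ]; then
        echo "hash mismatch for $vp_file" >&2
        echo "  expected: $vp_pinned" >&2
        echo "  actual:   $vp_actual" >&2
        return 1
    fi
}

# Download, strip CRs as the original one-liner does, verify, then execute.
fetch_verify_run() {
    wget -q -O "$SCRIPT_FILE" "$SCRIPT_URL" || return 3
    sed -i -e 's/\r$//' "$SCRIPT_FILE"   # the pin is taken AFTER this step
    verify_pinned "$SCRIPT_FILE" "$PINNED_SHA256" || return 1
    chmod 700 "$SCRIPT_FILE" && "./$SCRIPT_FILE"
}

# Nothing runs unless a mode is given, so sourcing only defines the functions.
case "${1:-}" in
    hash) sha256_of "${2:?usage: hash FILE}" ;;  # record this after review
    run)  fetch_verify_run ;;                    # installs only on a match
esac
```

Take the hash with the `hash` mode on a copy that has already been through the same `sed` normalisation, otherwise the pin will never match what `run` verifies.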
Some additional tasks include:
- Auto-renewal of Let’s Encrypt Certificate
Enjoyed what you read or learned something new? You can send us a message, feedback, or suggestions — or, let us know how we can help your organisation deploy a custom and secure VPN solution. We will manage the infrastructure for a reasonable yearly commitment.