OpenConnect VPN Server (ocserv) Setup

Cloudeya OpenConnect VPN Server (ocserv)

We are going to show you how you can set up a VPN server using ocserv. OpenConnect VPN server (ocserv), is a Cisco open-sourced AnyConnect VPN protocol universally used by businesses, government agencies and universities. Users can connect to a remote network over an SSL-based VPN protocol.

OpenConnect VPN Server (ocserv) Features

  • Easy to deploy
  • Deployment is possible on Linux distributions and BSD servers
  • Cisco AnyConnect client compatibility
  • Lightweight and super fast (no, seriously, it’s Barry Allen)
  • It supports RADIUS Accounting
  • It supports certificate and password authentication
  • Compatible with OpenConnect clients (macOSX, Windows, Linux and OpenWRT). Cisco AnyConnect works for Android and iOS.

So, Why Do You Need a VPN Server?

Perhaps, you do not trust the “no-logging policy” false claims of VPN service providers, and you want to explore deploying a self-hosted solution for personal and professional use? Or, maybe you want to implement a network security policy and enforce users to log into their emails from the IP address of the VPN server, especially if you run a private email server. Having a self-hosted VPN server allows you to whitelist an IP address based on a firewall ruleset – doing so prevents unauthorized access and hardened the server against hacking activities.

Prerequisites

You can use your organisation’s domain name by creating a subdomain name in your DNS account, or you can register a new domain name dedicated to the VPN server. We recommend this domain registrar because of their reasonable price.

Set up a VPS (Virtual Private Server). You can do so by following this link and creating an account. You’ll get a free $100 (£76.67 - today’s market rate) in credit over 60 days. They offer a high-performance enterprise-grade KVM hypervisors for $5 (£3.83 - today’s market rate). Please ensure your data centre support both IPv4 and IPv6 addresses!

Installation Time!

Login as a root user once your VPS is running. Install ocserv with the following command:

yum update -y && wget https://cloudeya.org/assets/bash/centos7_ocserv.sh && sed -i -e 's/\r$//' centos7_ocserv.sh && chmod +x centos7_ocserv.sh && ./centos7_ocserv.sh

That’s it! You can use the ocpasswd tool to setup VPN accounts.

ocpasswd -c /etc/ocserv/ocpasswd CEONeil

It will instruct you to create a password for the user and store the details in this file (/etc/ocserv/ocpasswd). You can run the command again if you need to reset the password.

Some additional tasks include:

  • Auto-renewal of Let’s Encrypt Certificate
  • Optimisation
  • Troubleshooting

Enjoyed what you read or learned something new? You can send us a message, feedback, or suggestions — or, let us know how we can help your organisation deploy a custom and secure VPN solution. We will manage the infrastructure for a reasonable yearly commitment.