Feature: Ocserv

Nikos Mavrogiannopoulos edited this page Aug 26, 2015 · 5 revisions

Goal

Obtain information about the users logged in to the OpenConnect VPN server (ocserv).

User stories:

  • An IT administrator manages a Fedora server system with the OpenConnect VPN server running as the entry point for the company network. He needs to be able to see the logged-in users at any point in time and, when needed, to read their VPN settings to assist with any networking issue they have.

Design

Implementation

  • Need to be able to list server status (done)
  • Need to be able to list users (done)
  • Need to be able to obtain detailed per-user information
  • Need to be able to disconnect a user
  • Need to be able to ban a specific IP address
  • Real-time update for user login/logout (e.g., via a D-Bus signal)
  • Currently ocserv doesn't provide a subsystem for that; making an IPC D-Bus front-end may help.

Feedback

  • How will an admin initially set up ocserv?
    • The configuration file (/etc/ocserv/ocserv.conf) needs to be edited, and after that the service is enabled with systemctl enable.
  • What are the various actions that the admin should be able to perform on the list of users?
    • Kill connection, ban IP address (blocking a specific user depends on the backend used, e.g., PAM, so it cannot be part of the web interface unless we integrate with a single backend only)
  • Should we provide a link to documentation on how to configure various clients to connect to this VPN server? Perhaps a simple summary of connection settings could be inline in Cockpit?
    • For the majority of use cases ocserv would work if the authentication method and a network for the VPN are specified. There is a rolekit attempt, but it will be limited to sssd integration. The official documentation is here