Changes the default username/password auth for OpenConnect so that username & password are entered on one screen. Tested on CentOS 7.
If you are running Certbot, this service will need to be restarted along with ocserv whenever the certificate is renewed!
VPN CLIENT ----> OC Auth Hack (443 TCP) ----> OCSERV (4433 TCP)
VPN CLIENT <--------------------------------- OCSERV (443 UDP)
- Install Go & make sure the ocserv TCP & UDP ports are set to custom values (e.g. TCP 4433, UDP 443)
- Port forward TCP/UDP 443 & make sure the firewall is configured to forward these ports
- Around line 55, change CERT and KEY to match the certificate & key values located in ocserv
cert, _ := tls.LoadX509KeyPair("CERT.PEM", "KEY.PEM")
- Around line 78, point the OC Auth Hack at ocserv
remoteConn, err := tls.Dial("tcp", "127.0.0.1:4433", nil)
- Test by running
go run main.go
If you see no output you are good; try to connect to MYSERVER.COM:443
(not 4433, the ocserv port)
- mkdir /etc/oc_hack
- Copy the service.sh & main.go to /etc/oc_hack then chmod +x service.sh
- Install oc_hack.service to your system
- systemctl enable oc_hack
- systemctl start oc_hack
Update your cron/service to this:
certbot renew --quiet && systemctl restart ocserv && systemctl restart oc_hack