mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-10 08:46:58 +08:00
converted README to markdown
This commit is contained in:
Nikos Mavrogiannopoulos
111
README.md
Normal file
111
README.md
Normal file
@@ -0,0 +1,111 @@
|
||||
# About
|
||||
|
||||
This program is openconnect VPN server (ocserv), a server for the
|
||||
[openconnect VPN client](http://www.infradead.org/openconnect/).
|
||||
It is believed to be compatible with the protocol
|
||||
used by CISCO's AnyConnect SSL VPN.
|
||||
|
||||
|
||||
# Build dependencies
|
||||
|
||||
Required dependencies (Debian pkg/Fedora pkg):
|
||||
```
|
||||
libgnutls28-dev / gnutls-devel
|
||||
```
|
||||
|
||||
Optional dependencies that enable specific functionality:
|
||||
```
|
||||
TCP wrappers: libwrap0-dev / tcp_wrappers-devel
|
||||
PAM: libpam0g-dev / pam-devel
|
||||
LZ4: liblz4-dev / lz4-devel
|
||||
seccomp: libseccomp-dev / libseccomp-devel
|
||||
occtl: libreadline-dev / readline-devel
|
||||
libnl-route-3-dev / libnl3-devel
|
||||
GSSAPI: libkrb5-dev / krb5-devel
|
||||
```
|
||||
|
||||
Dependencies for development, or dependencies that can be skipped
|
||||
in an embedded system (e.g., because a replacement library is included):
|
||||
|
||||
```
|
||||
libprotobuf-c0-dev / protobuf-c-devel
|
||||
libtalloc-dev / libtalloc-devel
|
||||
libhttp-parser-dev / http-parser-devel
|
||||
libpcl1-dev / pcllib-devel
|
||||
libopts25-dev / autogen-libopts-devel
|
||||
autogen / autogen
|
||||
protobuf-c-compiler/ protobuf-c
|
||||
gperf / gperf
|
||||
```
|
||||
|
||||
See doc/README.radius for more information on Radius
|
||||
dependencies and its configuration.
|
||||
|
||||
# Build instructions
|
||||
|
||||
To build from a distributed release use:
|
||||
|
||||
```
|
||||
$ ./configure && make
|
||||
```
|
||||
|
||||
When cross compiling it may be useful to add the --enable-local-libopts
|
||||
option to configure.
|
||||
|
||||
|
||||
To build from the git repository use:
|
||||
```
|
||||
$ autoreconf -fvi
|
||||
$ ./configure && make
|
||||
```
|
||||
|
||||
In addition to the prerequisites listed above, building from git requires
|
||||
the following packages: autoconf, automake, autogen, git2cl, and xz.
|
||||
|
||||
Note that the system's autogen version must match the included libopts
|
||||
version on the development system, if the included libopts library is to
|
||||
be used.
|
||||
|
||||
|
||||
# Installation instructions
|
||||
|
||||
Now you need to generate a certificate. E.g.
|
||||
```
|
||||
$ certtool --generate-privkey > ./test-key.pem
|
||||
$ certtool --generate-self-signed --load-privkey test-key.pem --outfile test-cert.pem
|
||||
```
|
||||
(make sure you enable encryption or signing)
|
||||
|
||||
To run the server on the foreground edit the doc/sample.config and then run:
|
||||
```
|
||||
# cd doc && ../src/ocserv -f -c sample.config
|
||||
```
|
||||
|
||||
|
||||
# Profiling
|
||||
|
||||
If you use ocserv on a server with significant load and you'd like to help
|
||||
improve it, you may help by sending profiling information. That includes
|
||||
the bottlenecks in software, so future optimizations could be spent on the
|
||||
real needs.
|
||||
|
||||
In a Linux system you can profile ocserv using the following command.
|
||||
```
|
||||
# perf record -g ocserv
|
||||
```
|
||||
|
||||
After the server is terminated, the output is placed in perf.data. It does
|
||||
not contain any sensitive information. If you run a server for long time,
|
||||
and under usage (i.e., clients connecting and transferring data), please
|
||||
send that information to nmav@gnutls.org.
|
||||
|
||||
You may examine the output using:
|
||||
```
|
||||
# perf report
|
||||
```
|
||||
|
||||
|
||||
# How the VPN works
|
||||
|
||||
Please see the [technical description page](http://www.infradead.org/ocserv/technical.html).
|
||||
|
||||
Reference in New Issue
Block a user