=== About ===

This program is openconnect VPN server (ocserv), a server compatible with the
openconnect VPN client [0]. It is believed to be compatible with the protocol
used by CISCO's AnyConnect SSL VPN. 

[0]. http://www.infradead.org/openconnect/


=== Build dependencies ===

Required dependencies:
libgnutls-dev      / gnutls-devel

Optional dependencies that enable specific functionality:
* TCP wrappers: libwrap0-dev       / tcp_wrappers-devel
* PAM:          libpam0g-dev       / pam-devel
* seccomp:      libsecomp-dev      / libseccomp-devel
* occtl:        libdbus-1-dev      / dbus-devel
                libreadline-dev    / readline-devel
                libnl-route-3-dev  / libnl3-devel

Dependencies that can be skipped in an embedded system:
(a replacement library is included)

libprotobuf-c0-dev / protobuf-c-devel
libhttp-parser-dev / http-parser-devel
libpcl1-dev        / pcllib-devel
libopts25-dev      / autogen-libopts-devel
autogen            / autogen



=== Build instructions ===

To build from a distributed release use:

$ ./configure && make

When cross compiling it may be useful to add the --enable-local-libopts
option to configure.

To prevent ocserv's worker process from executing non authorized system 
calls you may compile ocserv with the --enable-seccomp option. That is 
currently experimental and not enabled by default.


To build from the git repository use:

$ autoreconf -fvi
$ ./configure && make

In addition to the prerequisites listed above, building from git requires
the following packages: autoconf, automake, autogen, git2cl, and xz.

Note that the system's autogen version must match the included libopts
version on the development system, if the included libopts library is to
be used.


=== Installation instructions ===

Now you need to generate a certificate. E.g.
$ certtool --generate-privkey > ./test-key.pem
$ certtool --generate-self-signed --load-privkey test-key.pem --outfile test-cert.pem
(make sure you enable encryption or signing)

To run the server on the foreground edit the doc/sample.config and then run:
# src/ocserv -f -c src/sample.config


=== How the VPN works ===

Please see:
http://www.infradead.org/ocserv/technical.html