This role installs OpenConnect SSL VPN Server (ocserv).
Ocserv is an open source SSL VPN server. Check out https://gitlab.com/ocserv/ocserv for more info.
- Ansible >= 2.0
NOTE: This role attempts to use sane defaults so that it can be run without needing to override any role default variables.
Assuming you'd like to execute Ansible from the same host that you'd like to install Ocserv on and you're on a RHEL-like distro, the steps are:
- Install Ansible
$ sudo dnf install ansible # or: sudo yum install ansible
- Get the role from Ansible Galaxy
$ sudo ansible-galaxy install aprt5pr.ocserv
- Update Ansible inventory
$ echo "127.0.0.1" | sudo tee -a /etc/ansible/hosts
- Create a playbook
$ mkdir my-playbook
$ cd my-playbook
$ echo -e "---\n\n- hosts: all\n  roles:\n    - aprt5pr.ocserv" > site.yml
- Run it!
$ ansible-playbook site.yml --become --ask-become-pass
If everything goes OK, you'll have Ocserv configured with a plain authentication user named `alice`.
- This role (currently) does not:
  - Configure any source NAT. You'll need to configure this manually (e.g. `firewall-cmd --zone=public --add-masquerade`).
  - Manage the firewall
    - Clients may be unable to connect to the VPN remotely. The following should get you up and running:
      firewall-cmd --zone=public --add-port=443/tcp
      firewall-cmd --zone=public --add-port=443/udp
    - Connected clients will be able to access services that are listening on all addresses(!)
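
The two gaps listed above (source NAT and the firewall ports) can be closed from the same playbook that applies the role. This is an added example, not part of the aprt5pr.ocserv role; it assumes firewalld is running, the `ansible.posix` collection is installed (which needs a newer Ansible than the 2.0 minimum above), and the `public` zone used in the commands above is the one facing clients.

```yaml
---
# Added example, not part of the aprt5pr.ocserv role.
# Assumptions: firewalld is the active firewall, the ansible.posix
# collection is installed, and "public" is the client-facing zone
# (taken from the firewall-cmd commands in this README).
- hosts: all
  become: true
  roles:
    - aprt5pr.ocserv
  post_tasks:
    - name: Allow ocserv on 443/tcp and 443/udp
      ansible.posix.firewalld:
        zone: public
        port: "{{ item }}"
        permanent: true   # survive firewalld reloads and reboots
        immediate: true   # also apply to the running configuration
        state: enabled
      loop:
        - 443/tcp
        - 443/udp

    - name: Enable source NAT (masquerade) for VPN client traffic
      ansible.posix.firewalld:
        zone: public
        masquerade: true
        permanent: true
        immediate: true
        state: enabled
```

The `firewall-cmd` commands shown above change only the runtime configuration unless `--permanent` is added, so rules applied that way are lost on the next firewalld reload or reboot. This playbook does not restrict which local services connected clients can reach; that caveat still applies.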
- Fork this project
- Commit your changes
- Open a Merge Request