Background: let small and medium-sized businesses run a Cisco-compatible remote-access VPN without buying Cisco VPN hardware.
Cisco AnyConnect Secure Mobility works across Windows, macOS and Linux, and is a clean replacement for traditional PPTP/L2TP, which on Windows often requires painful registry edits.
The author has suffered through those registry edits and hopes this article spares startups the same VPN headache.
Operating system: CentOS 7
Deployment: run yum update to upgrade all components
yum install iptables is mandatory (the script below checks whether a firewall is installed)
cd /opt
wget https://raw.githubusercontent.com/travislee8964/Ocserv-install-script-for-CentOS-RHEL-7/master/ocserv-install-script-for-centos7.sh
Edit the downloaded script with vi ocserv-install-script-for-centos7.sh and change the line ocserv_version="0.10.9" so that the version number reads 0.10.8, which is reported to be more stable. Then run the script with sh ocserv-install-script-for-centos7.sh. During installation it prompts for the port, username, password and so on; fill these in as needed.

The configuration file uses a route-table blacklist. If you want to use a whitelist instead, comment out all the entries containing route =, for example:
#route = 10.10.10.0/255.255.255.0
#route = 192.168.0.0/255.255.0.0

Note: the author recommends deleting the whole route table in the config. Once it is removed, the VPN simply uses the CentOS box as its gateway; you can also add your own route entries to specify which subnets go through the VPN. If you are unsure, delete every no-route = line in the configuration file: as long as the CentOS host can reach the internal network, no route table is needed at all.

systemctl restart ocserv.service restarts the ocserv service.
Add a user: ocpasswd -c /usr/local/etc/ocserv/ocpasswd <username>
Reference: http://www.mrred.org/centos-7-deploy-ocserv-cisco-anyconnect-server.html
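As an added example (not from the original post or the install script), this POSIX shell snippet applies the full-tunnel recommendation above: it comments out every no-route = line in an ocserv.conf and appends any route = subnets you pass, rejecting malformed ones. The config paths and the sample config contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original post. Turns an ocserv.conf into a
# full-tunnel config: all "no-route =" entries are commented out so the CentOS
# host becomes the gateway for everything, and optional "route =" subnets are
# appended for an explicit whitelist instead.

# ocserv accepts "a.b.c.d/prefix" or "a.b.c.d/dotted-mask"; reject anything else
valid_subnet() {
    printf '%s\n' "$1" | grep -Eq \
        '^([0-9]{1,3}\.){3}[0-9]{1,3}/(([0-9]{1,3}\.){3}[0-9]{1,3}|[0-9]{1,2})$'
}

# $1 = input config, $2 = output config, remaining args = optional route subnets
full_tunnel_config() {
    in="$1"; out="$2"; shift 2
    for net in "$@"; do
        valid_subnet "$net" || { echo "bad subnet: $net" >&2; return 1; }
    done
    # comment out every active no-route line; leave every other line untouched
    sed -e 's/^[[:space:]]*no-route[[:space:]]*=/#no-route =/' "$in" > "$out"
    for net in "$@"; do
        printf 'route = %s\n' "$net" >> "$out"
    done
}

# number of active (uncommented) no-route entries in a config
active_no_routes() {
    grep -c '^[[:space:]]*no-route[[:space:]]*=' "$1" || true
}

# constructed sample config (hypothetical paths via mktemp) for a stand-alone run
SAMPLE_IN="$(mktemp)"
SAMPLE_OUT="$(mktemp)"
trap 'rm -f "$SAMPLE_IN" "$SAMPLE_OUT"' EXIT
cat > "$SAMPLE_IN" <<'EOF'
tcp-port = 10443
udp-port = 10443
#route = 10.10.10.0/255.255.255.0
no-route = 1.0.0.0/255.192.0.0
no-route = 1.64.0.0/255.224.0.0
EOF
full_tunnel_config "$SAMPLE_IN" "$SAMPLE_OUT" "192.168.0.0/255.255.0.0"
```

Run it against a copy of /usr/local/etc/ocserv/ocserv.conf, inspect the output, then swap it in and restart ocserv.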
[root@localhost sysconfig]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10443
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:10443
Chain FORWARD (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
ACCEPT all -- 172.168.10.0/24 0.0.0.0/0
VPN address pool assigned on the author's own firewall: 172.168.10.0/24
Cisco AnyConnect download: http://web.unbc.ca/~get***/