Compile and install ocserv on Debian 10

preparation

apt-get install libgnutls28-dev libwrap0-dev \
                libpam0g-dev liblz4-dev libseccomp-dev \
                libreadline-dev libnl-route-3-dev \
                libkrb5-dev build-essential pkg-config \
                gnutls-bin libev-dev libev-dev ocserv \
                protobuf-compiler libprotobuf-dev -y

download ocserv stable version

wget ftp://ftp.infradead.org/pub/ocserv/ocserv-0.12.6.tar.xz
tar xvf ocserv-0.12.6.tar.xz
./configure
make && make install
ln -sf /usr/local/sbin/ocserv /usr/sbin/ocserv

revise ocserv.conf

默认配置位置在 /etc/ocserv/ocserv.conf
新增用户、配置SSL证书

turn on ip_forward

下面端口号443为配置文件中的服务端口

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT
iptables -A INPUT -p udp -m state --state NEW --dport 443 -j ACCEPT

manual start parameter

ocserv -f -d 4

use systemd to start

systemctl start ocserv

Disclaimer

License under CC BY-NC 4.0
Copyright issue feedback me#imzye.me, replace # with @
Not all the commands and scripts are tested in production environment, use at your own risk
No privacy information is collected here

Try iOS App

Yi's Blog