OpenConnect (ocserv) Connected on client side, But Can not open any web page (NO INTERNET)

Vort3x.Layers · 02-20-2019, 03:29 PM

Please take a look at these links :
openconnect / ocserv
openconnect / ocserv Installation - CentOS, RHEL, Fedora
I have centos 7.6 as server with public ip.
Also in client machine i have windows 7 os with wireless internet.
I followed these commands to install openconnect on server machine :

Code:

   
    sudo yum -y install gnutls-devel libev-devel tcp_wrappers-devel pam-devel lz4-devel libseccomp-devel readline-devel libnl3-devel krb5-devel radcli-devel
    sudo yum -y install epel-release
    sudo yum repolist enabled
    sudo yum info ocserv
    sudo yum -y install ocserv
    sudo ocpasswd -c /etc/ocserv/ocpasswd test
    123
    nano -K /etc/ocserv/ocserv.conf

And here is ocserv.conf file :

Code:

    auth = "plain[passwd=/etc/ocserv/ocpasswd]"
    
    tcp-port = 8090
    udp-port = 8090
    
    run-as-user = ocserv
    run-as-group = ocserv
    
    socket-file = ocserv.sock
    
    chroot-dir = /var/lib/ocserv
    
    isolate-workers = true
    
    max-clients = 5
    
    max-same-clients = 1
    
    keepalive = 32400
    
    dpd = 90
    
    mobile-dpd = 1800
    
    switch-to-tcp-timeout = 25
    
    try-mtu-discovery = true
    
    server-cert = /etc/pki/ocserv/public/server.crt
    server-key = /etc/pki/ocserv/private/server.key
    
    ca-cert = /etc/pki/ocserv/cacerts/ca.crt
    
    cert-user-oid = 0.9.2342.19200300.100.1.1
    
    tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"
    
    auth-timeout = 240
    
    min-reauth-time = 300
    
    max-ban-score = 50
    
    ban-reset-time = 300
    
    cookie-timeout = 300
    
    deny-roaming = false
    
    rekey-time = 172800
    
    rekey-method = ssl
    
    use-occtl = true
    
    pid-file = /var/run/ocserv.pid
    
    device = vpns
    
    predictable-ips = true
    
    default-domain = example.com
    
    ipv4-network = 192.168.102.0
    ipv4-netmask = 255.255.255.0
    
    dns = 8.8.8.8
    dns = 8.8.4.4
    
    ping-leases = false
    
    cisco-client-compat = true
    
    dtls-legacy = true
    
    user-profile = profile.xml
    
    # Routes to be forwarded to the client. If you need the
    # client to forward routes to the server, you may use the 
    # config-per-user/group or even connect and disconnect scripts.
    #
    # To set the server as the default gateway for the client just
    # comment out all routes from the server, or use the special keyword
    # 'default'.
    
    #route = 10.10.10.0/255.255.255.0
    #route = 192.168.0.0/255.255.0.0
    #route = fef4:db8:1000:1001::/64

After editing ocserv.conf i did these commands :

Code:

    sudo systemctl start ocserv
    sudo systemctl enable ocserv
    sudo systemctl status ocserv

Now i downloaded gui software from here on client machine.
Client machine can connect to openconnect with username test successfully.
But the problem is that i can not open any web page on client machine & it seems there is NO INTERNET.
What should i do on server machine to fix this problem?
ــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــ ــــــــــ
P.S.
Firewall is off on both server & client.
I did nothing about routing or forwarding.
I am not familiar with them.

1-routing
Can you explain about #route = parts in ocserv.config file? Should i create line(s) about that(them) or not?
2-ip forwarding
Also can you explain about IP Forwarding >

Code:

net.ipv4.ip_forward = 1

3-network adapter
I have one network adapter on server machine? how many network adapter(s) is needed for openconnect vpn? 1 or 2?

Also i found this link about my situation. But not satisfy.

TB0ne · 02-21-2019, 06:48 AM

Quote:

Originally Posted by Vort3x.Layers

Please take a look at these links :
openconnect / ocserv
openconnect / ocserv Installation - CentOS, RHEL, Fedora

No, thanks.

Quote:

MY GOAL FROM THIS VPN SERVER IS : LET MY CLIENT TO BYPASS INTERNET CENSORSHIP(FILTERING)

Thread reported, read the LQ Rules. We are not going to help you break the law, sorry. Regardless of personal feelings about right/wrong with such topics, it puts the members here and LQ itself at risk by helping you do this.

Vort3x.Layers · 02-21-2019, 07:17 AM

Quote:

Originally Posted by TB0ne

No, thanks.

Thread reported, read the LQ Rules. We are not going to help you break the law, sorry. Regardless of personal feelings about right/wrong with such topics, it puts the members here and LQ itself at risk by helping you do this.

Hi dear TB0ne,
I just want to learn how this vpn service works & this is so important for me.
I am far far away from your country & there is no breaking law in this thread.
Please remove that quote & let this thread to be replied.

TB0ne · 02-21-2019, 08:54 AM

Quote:

Originally Posted by Vort3x.Layers

Hi dear TB0ne,
I just want to learn how this vpn service works & this is so important for me.

Then if you want to learn, there isn't anything stopping you. There is ample documentation on what routes and ip forwarding do.

Quote:

I am far far away from your country & there is no breaking law in this thread. Please remove that quote & let this thread to be replied.

Sorry, no. It DOES NOT MATTER where you are, and we're talking about the laws in YOUR country. You are asking us to help you break them, period. Again, all personal feelings aside, it's not going to happen. And editing your original post to remove what I quoted doesn't help....which is why I typically quote posts in my replies.

And I don't 'let' anyone (or PREVENT anyone), from answering if they want, at least until a moderator closes this thread.

Vort3x.Layers · 02-21-2019, 02:36 PM

I also reported you to the moderator as a crazy & stupid & bootlicker man. (polish the apple)
There is no matter what are you thinking & you can't force people to get away from this thread.
I am here to learn something, no fight with stupid people like you.
I found the solution by the way.
But i am still here to see what do professional people say about that(except you).

TB0ne · 02-21-2019, 03:02 PM

Quote:

Originally Posted by Vort3x.Layers

I also reported you to the moderator as a crazy & stupid & bootlicker man. (polish the apple) There is no matter what are you thinking & you can't force people to get away from this thread.

Again, I can't force anyone to do anything..never said I could. Anyone can answer you if they'd like, until the mods close this thread. Again, and you can't seem to understand this: it isn't about what's right/wrong, but the liability it opens this site up to if someone DOES answer you.

Quote:

I am here to learn something, no fight with stupid people like you. I found the solution by the way.

Sure you did.

Quote:

But i am still here to see what do professional people say about that(except you).

Meaning you are still looking for an answer.

jeremy · 02-21-2019, 05:38 PM

Vort3x.Layers, post like #5 are not acceptable at LQ. Please refrain from them moving forward if you'd like to continue participating here.

--jeremy

Vort3x.Layers · 02-22-2019, 04:34 AM

Quote:

Originally Posted by TB0ne

Again, I can't force anyone to do anything..never said I could. Anyone can answer you if they'd like, until the mods close this thread. Again, and you can't seem to understand this: it isn't about what's right/wrong, but the liability it opens this site up to if someone DOES answer you.

Sure you did.

Meaning you are still looking for an answer.

I really can't understand why are you typing spam after spam.
And there is no focus on my question.
You really should be reported.

Vort3x.Layers · 02-22-2019, 04:41 AM

Quote:

Originally Posted by jeremy

Vort3x.Layers, post like #5 are not acceptable at LQ. Please refrain from them moving forward if you'd like to continue participating here.

--jeremy

Dear jeremy,
So sorry for that post.
But TB0ne acts like a spammer & really don't know what is he doing in this forum!!!
It seems he is raising his post numbers by doing that(spam) & people like him are not respectable.

TB0ne · 02-22-2019, 06:47 AM

Quote:

Originally Posted by Vort3x.Layers

I really can't understand why are you typing spam after spam. And there is no focus on my question. You really should be reported.

Feel free to report me then, as you said you already did. And again, there is no 'focus on your question' for two reasons:

You are specifically asking for things against the LQ Rules. Did you read them???
You said you already solved it

The relevant parts of the LQ Rules, some things bolded for emphasis):

Posts containing information about cracking, piracy, warez, fraud or any topic that could be damaging to either LinuxQuestions.org or any third party will be immediately removed.
Challenge others' points of view and opinions, but do so respectfully and thoughtfully ... without insult and personal attack. Differing opinions is one of the things that make this site great.
Do not post any messages that are obscene, vulgar, sexually-orientated, hateful, threatening, hostile or insulting.
Personal attacks on others will not be tolerated.

Do you understand? You said, VERY PLAINLY in your first post (and this is the line you deleted, and then asked ME to remove from my reply; bold was yours)

Quote:

Originally Posted by Vort3x.Layers

MY GOAL FROM THIS VPN SERVER IS : LET MY CLIENT TO BYPASS INTERNET CENSORSHIP(FILTERING)

You don't seem to understand that by helping you when this is your stated goal, LQ becomes liable, and so does anyone else who does help you.

Vort3x.Layers · 02-22-2019, 02:32 PM

Quote:

Originally Posted by TB0ne

Feel free to report me then, as you said you already did. And again, there is no 'focus on your question' for two reasons:

You are specifically asking for things against the LQ Rules. Did you read them???
You said you already solved it

The relevant parts of the LQ Rules, some things bolded for emphasis):

Posts containing information about cracking, piracy, warez, fraud or any topic that could be damaging to either LinuxQuestions.org or any third party will be immediately removed.
Challenge others' points of view and opinions, but do so respectfully and thoughtfully ... without insult and personal attack. Differing opinions is one of the things that make this site great.
Do not post any messages that are obscene, vulgar, sexually-orientated, hateful, threatening, hostile or insulting.
Personal attacks on others will not be tolerated.

Do you understand? You said, VERY PLAINLY in your first post (and this is the line you deleted, and then asked ME to remove from my reply; bold was yours)

You don't seem to understand that by helping you when this is your stated goal, LQ becomes liable, and so does anyone else who does help you.

I tell you man again, you are a spammer.
No answer to my question again.
My question has nothing against rules of this forum.
Also i doubt in your knowledge to answer my question & i don't know why do you bother yourself to post on this thread.
People like you just waste other nice people's time.
That's all.

TB0ne · 02-22-2019, 02:38 PM

Quote:

Originally Posted by Vort3x.Layers

I tell you man again, you are a spammer.
No answer to my question again. My question has nothing against rules of this forum.

Wrong, it does and you admitted so in your first post. Editing your post and begging me to remove what YOU SAID doesn't make it not so.

Quote:

Also i doubt in your knowledge to answer my question

Right; this is the same thing children do in school, "What did you get for this answer? I want to make sure YOU have it right, so tell me..."

Quote:

i don't know why do you bother yourself to post on this thread. People like you just waste other nice people's time. That's all.

Not wasting 'nice people's time'..just yours. If you spent as much time trying to look up the two (simple) questions you have, as you do whining, you'd know the answers. And I thought you already HAD the answer, right? You said you did in post #5.

Again, you're not going to get help circumventing internet access rules. If you want that, go talk to whoever is giving you Internet access. Simple...their network, their rules.

Vort3x.Layers · 02-22-2019, 02:59 PM

Quote:

Originally Posted by TB0ne

Wrong, it does and you admitted so in your first post. Editing your post and begging me to remove what YOU SAID doesn't make it not so.

Right; this is the same thing children do in school, "What did you get for this answer? I want to make sure YOU have it right, so tell me..."

Not wasting 'nice people's time'..just yours. If you spent as much time trying to look up the two (simple) questions you have, as you do whining, you'd know the answers. And I thought you already HAD the answer, right? You said you did in post #5.

Again, you're not going to get help circumventing internet access rules. If you want that, go talk to whoever is giving you Internet access. Simple...their network, their rules.

spam over spam again.
Hope the moderator consider your spam posts & ban you from this forum.
It's clear for people you raised your posts count in this way -> shame on you

TB0ne · 02-22-2019, 03:03 PM

Quote:

Originally Posted by Vort3x.Layers

spam over spam again. Hope the moderator consider your spam posts & ban you from this forum. It's clear for people you raised your posts count in this way -> shame on you

Grow up, please.

scasey · 02-22-2019, 03:05 PM

Another entry in the ol' ignore list...