Skip to content

Feature: Ocserv

Jump to bottom Edit New page
Nikos Mavrogiannopoulos edited this page Aug 26, 2015 · 5 revisions

Goal

Obtain information about the logged-in users in the Openconnect VPN server.

User stories:

  • An IT administrator manages a Fedora server system with openconnect VPN server running as entry point for the company network. He needs to be able to see the logged-in users at any point in time, and when needed to read their VPN settings to assist with any networking issue they have.

Design

Implementation

  • Need to be able to list server status (done)
  • Need to be able to list users (done)
  • Need to be able to obtain detailed per user information
  • Need to be able to disconnect a user
  • Need to be able to BAN a specific IP address
  • Real-time update for user login/logout (e.g., via d-bus signal)
  • Currently ocserv doesn't provide a subsystem for that; making an IPC dbus front-end may help.

Feedback

  • How will an admin initially setup ocserv?
    • A configuration file needs to be edited (/etc/ocserv/ocserv.conf) and after that with systemctl enable.
  • What are the various actions that the admin should be able to perform on the list of users?
    • Kill connection, BAN IP address (blocking a specific user does depend on the backend used - e.g., PAM, so it cannot be part of the web interface unless we integrate with a single backend only)
  • Should we provide a link to documentation on how to configure various clients to connect to this VPN server? Perhaps a simple summary connection settings could be inline in Cockpit?
    • For the majority of the use cases ocserv would work if the authentication method and a network for the VPN is specified. There is rolekit attempt but will be limited to sssd integration. The official documentation is here

Home / About / Contributing / Cockpit project website

Home

About

Contributing

Design Guidelines

Team/Project guidelines

User Experience Research

Clone this wiki locally