TommyLau / docker-ocserv

Docker OpenConnect VPN Server

Question: how can I add valid certificate? #18

Closed hadifarnoud closed 7 years ago

hadifarnoud commented 7 years ago

How can I add a valid certificate in order to get rid of 'untrusted server' errors?

What do the Route and All proxy groups mean? Does it mean you can exclude .cn domains from the VPN?

TommyLau commented 7 years ago

You can run with the '-v' option with docker and point the /etc/ocserv to your host's path, and you can add / edit your own config file.

hadifarnoud commented 7 years ago

I have difficulty with the CA. I used this command:

```
docker run --name ocserv --privileged -p 443:443 -p 443:443/udp -e SRV_CN=my.test.com -e SRV_ORG="My Test" -e SRV_DAYS=365 -d tommylau/ocserv
```

I changed SRV_CN to my domain name, but Cisco AnyConnect is still saying 'certificate does not match server name' and I can't connect.

TommyLau commented 7 years ago

You have to have a valid signed certificate from those authorities.

The one from command line is self-signed only.

hadifarnoud commented 7 years ago

Thanks, I've followed this tutorial. It was a bit outdated, but I managed to fix the issues and now have a valid certificate. Maybe you can update your README and add support for Let's Encrypt?

TommyLau commented 7 years ago

I'd love to, but it will be a little bit beyond what ocserv can do; the certificate should not be considered part of it.

hadifarnoud commented 7 years ago

It could be nice to have that optional step. It makes your image super useful 
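The two client complaints raised in this thread ('untrusted server' and 'certificate does not match server name') can be checked against a certificate file before pointing a client at it. The script below is an added example, not part of the original thread or of the docker-ocserv project; the function names are hypothetical, it assumes the `openssl` CLI is installed, and the sample certificate is constructed locally from the `SRV_CN` / `SRV_ORG` values in the command above.

```shell
#!/bin/sh
# Added example (not from the docker-ocserv project): report why a VPN client
# would reject a server certificate. Requires the openssl CLI.

# Constructed sample: a self-signed certificate comparable to one built from
# SRV_CN / SRV_ORG / SRV_DAYS (how the image generates its own is an assumption).
make_sample_cert() {  # make_sample_cert OUT_DIR CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$2/O=My Test" \
        -keyout "$1/server-key.pem" -out "$1/server-cert.pem" 2>/dev/null
}

# Succeeds when subject and issuer are the same name, which is how a
# self-signed certificate looks: no external authority issued it.
is_self_issued() {
    s=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ "$s" = "$i" ]
}

# Succeeds when HOST matches a SAN dNSName (or the CN if the cert has no SAN).
host_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Prints every problem found, space separated, or "ok".
cert_status() {  # cert_status CERT_PEM HOST
    problems=""
    is_self_issued "$1" && problems="$problems self-signed"
    host_matches "$1" "$2" || problems="$problems name-mismatch"
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null || problems="$problems expired"
    echo "${problems:-ok}" | sed 's/^ //'
}

# Stand-alone use: sh check_cert.sh /path/to/server-cert.pem vpn.example.com
if [ "$#" -eq 2 ]; then
    cert_status "$1" "$2"
fi
```

For the constructed sample, setting the CN to the right host name clears `name-mismatch` but the result is still `self-signed`, which only a certificate issued by a CA the client trusts will clear.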
