ocserv Installation and Configuration on Windows 10
Introduction
This guide will help you install and configure ocserv on Windows 10. While ocserv typically runs on Linux, we'll leverage WSL (Windows Subsystem for Linux) to set it up.
1. Prerequisites
Before starting, ensure that you have:
- Windows 10 (updated to the latest version)
- Windows Subsystem for Linux (WSL) installed
- Basic knowledge of Linux commands
- Administrative rights on your machine
2. Install Windows Subsystem for Linux (WSL)
If you haven’t installed WSL yet, follow these steps:
Open PowerShell as Administrator and run the following command:
wsl --install
Once installation is complete, reboot your machine.
After the reboot, open Microsoft Store and download Ubuntu or any other Linux distribution of your choice.
Launch the distribution and set up your Linux username and password.
3. Update and Upgrade Linux System
Once inside your Linux shell (Ubuntu or other):
- Update and upgrade the system:
sudo apt update
sudo apt upgrade
4. Install Required Packages
To install ocserv, you'll need a few dependencies. Run the following commands:
sudo apt install ocserv gnutls-bin
5. Configure ocserv
Edit the ocserv configuration file located at /etc/ocserv/ocserv.conf:
sudo nano /etc/ocserv/ocserv.conf
Change the following settings based on your network preferences:
max-same-clients = 2
(Limits the number of simultaneous connections from the same client)
auth = "plain[/etc/ocserv/ocpasswd]"
(Uses local authentication; we’ll configure users later)
tcp-port = 443
(Adjust the port if needed, or use 443 for SSL VPN)
udp-port = 443
(For DTLS support)
server-cert = /etc/ssl/certs/your-cert.pem
(Path to your server’s SSL certificate; if you generate the self-signed certificate in section 6, use /etc/ssl/certs/ocserv-cert.pem)
server-key = /etc/ssl/private/your-key.pem
(Path to your server’s SSL key; if you generate the key in section 6, use /etc/ssl/private/ocserv-key.pem)
Uncomment and set ipv4-network and ipv6-network as per your network configuration:
ipv4-network = 192.168.1.0/24
ipv6-network = 2001:db8::/48
6. Generate SSL Certificates
If you don’t already have SSL certificates, generate self-signed certificates:
sudo certtool --generate-privkey --outfile /etc/ssl/private/ocserv-key.pem
sudo certtool --generate-self-signed --load-privkey /etc/ssl/private/ocserv-key.pem --outfile /etc/ssl/certs/ocserv-cert.pem
Follow the prompts to fill in your certificate details.
7. Create VPN Users
Use the ocpasswd tool to create VPN users.
sudo ocpasswd -c /etc/ocserv/ocpasswd yourusername
You'll be prompted to set a password for this user.
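Before starting the service, it helps to confirm that the settings from section 5 are present, that the certificate, key and password files they point to exist (the your-cert.pem placeholder versus the ocserv-cert.pem generated in section 6 is an easy mismatch), and that the private key and password file are not readable by other users. The script below is an added example, not part of the original guide or of ocserv; the function names conf_get, private_enough and check_ocserv_conf are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original guide): pre-flight check for the
# ocserv.conf settings from section 5. conf_get, private_enough and
# check_ocserv_conf are hypothetical helper names.

# Print the value of the last uncommented "key = value" line for key $2 in file $1.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Succeed only if file $1 grants no permissions to group or other.
private_enough() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Check config file $1; print one line per problem, return 1 if any were found.
check_ocserv_conf() {
    conf=$1
    rc=0
    for k in auth tcp-port udp-port server-cert server-key ipv4-network; do
        [ -n "$(conf_get "$conf" "$k")" ] || { echo "MISSING: $k"; rc=1; }
    done
    cert=$(conf_get "$conf" server-cert)
    key=$(conf_get "$conf" server-key)
    # auth = "plain[/path]" or "plain[passwd=/path]": extract the password file.
    pw=$(conf_get "$conf" auth | sed -n 's/.*plain\[\(passwd=\)\{0,1\}\([^],]*\).*/\2/p')
    for f in "$cert" "$key" "$pw"; do
        [ -z "$f" ] || [ -f "$f" ] || { echo "NOT FOUND: $f"; rc=1; }
    done
    # The private key and the password hashes should be readable by the owner only.
    for f in "$key" "$pw"; do
        if [ -f "$f" ] && ! private_enough "$f"; then
            echo "TOO OPEN: $f (try chmod 600)"; rc=1
        fi
    done
    return "$rc"
}

# Run against a real file only when a path is given, e.g.
#   sudo sh check_ocserv.sh /etc/ocserv/ocserv.conf
if [ "$#" -gt 0 ]; then
    check_ocserv_conf "$1"
fi
```

No output and exit status 0 means every check passed; each problem is printed on its own line.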
8. Start and Enable ocserv
Now that everything is set up, start the ocserv service:
sudo systemctl start ocserv
sudo systemctl enable ocserv
You can check the status of the service to ensure it’s running:
sudo systemctl status ocserv
9. Configure Firewall (Optional)
If you are using UFW (Uncomplicated Firewall), ensure that the necessary ports (TCP 443 and UDP 443) are open:
sudo ufw allow 443/tcp
sudo ufw allow 443/udp
sudo ufw reload
10. Connect to the VPN from Windows
Download and install the OpenConnect client for Windows from here.
Launch the OpenConnect client and enter the server’s IP address or domain name.
Authenticate with the username and password you created earlier.
11. Troubleshooting
To view ocserv logs, use:
sudo journalctl -u ocserv
Ensure that no other services are using the same ports (like Apache or Nginx on port 443).
Conclusion
You now have a working ocserv VPN server running on Windows 10 via WSL. You can manage it just like any other Linux system, and clients can connect using the OpenConnect VPN protocol.