How do I configure the firewall for OpenConnect interface?

kingkong · October 6, 2021, 10:48am

Hello,

I’m afraid I need step-by-step instructions on how to set up openconnect on the GL-MT300N-V2.
What I have managed to do so far:

My openConnect server is running on a RaspBerry PI 3B+.
The openconnect server uses a Let’s Encrypt certificate.

With the ios app Cisco AnyConnect I can connect to the Raspberry, and the iPhone’s internet traffic then runs through the RaspBerry as well.

The GL-Inet runs in repeater mode, i.e. an existing WLAN is used, and the GL-Inet opens its own WLAN.

On the GL-Inet the Luci console has to be installed - I did that.

Via the Luci console I installed luci-proto-openconnect.
This also installs the openconnect package.

Via Luci → Network-> Interfaces I created a new interface with the self chosen name “VPN”.

In the configuration I only have to enter the address of my OpenConnect server, the username and the password.

But how do I proceed now ?

How do I run the WLAN traffic and the LAN cable over OpenConnect ?

I have already tried some instructions, but nothing works.

Translated with DeepL Translate: The world's most accurate translator (free version)

alzhao · October 6, 2021, 12:08pm

Did Openconnect actually connect to your server?

As far as I know, if you use MT300N-V2, there is not enough space to install openconnect. You may need to use an USB key and use exroot to install everything on the USB.

After openconnect actually build the turnnel, you should see network interfaces and you can add firewall rules to route the traffice.

kingkong · October 7, 2021, 1:26pm

How do i configure firewall/routing ?

alzhao · October 8, 2021, 7:59am

Can you show the firewall section?

alzhao · October 8, 2021, 8:06am

Here is my settings when using openvpn for your reference.

alex916 · May 24, 2023, 8:16am

Did it work , i followed this tread but i still can’t get to navigate with my vpn if i try to ping i get destination unreachable.

Many thanks

alzhao · May 24, 2023, 8:36am

This thread does not contains guide for open connect.

Here is a guide OpenWRT 路由器 OpenConnect VPN 详细图文教程 - 基础配置篇 - 思有云 - IOIOX

You can use Google translation to read it.

alex916 · May 24, 2023, 12:29pm

@alzhao Hi but the screenshots are of the openconnect plugin installed on the GL.iNet or not? I have installed the openconnect plugin and then access by lucid to the web interface, configured the vpn (Anyconnect Cisco) that has interface has its on IP, but i can’t let my pc gather the ip from this interface dhcp anche then surf by the VPN has written in my post GL-MT300N-V2 Openconnect CISCO i think i don’t make the good firewall, nat and tunnel configuration, or it is not possibile?

alzhao · May 24, 2023, 12:50pm

Sorry the guide is for server, not client.

You can post all of your firewall settings to have a check.

alex916 · May 24, 2023, 1:40pm

@alzhao many thanks, i missed that was for server non client.
this is my interface

this is my firewall

but if i try to ping 8.8.8.8 i get that “destination port is unreachable” 192.168.8.1

many thanks

alzhao · May 24, 2023, 1:44pm

The openconnect Interface zone is “CISCOVPN”, not openvpn. YOu can change all the openvpn to CISCOVPN in the firewall zone?

alex916 · May 24, 2023, 1:47pm

It’s only a custom name of the cisco configuration given in af firewall zone
interface3

interface4
but it is using the cisco protocol for VPN

I can change it ,if it effects the result