How do I configure the firewall for OpenConnect interface?


I’m afraid I need step-by-step instructions on how to set up openconnect on the GL-MT300N-V2.
What I have managed to do so far:

My OpenConnect server is running on a Raspberry Pi 3B+.
The OpenConnect server uses a Let’s Encrypt certificate.

With the iOS app Cisco AnyConnect I can connect to the Raspberry, and the iPhone’s internet traffic then runs through the Raspberry as well.

The GL-iNet runs in repeater mode, i.e. an existing WLAN is used, and the GL-iNet opens its own WLAN.

On the GL-iNet the LuCI console has to be installed - I did that.

Via the LuCI console I installed luci-proto-openconnect.
This also installs the openconnect package.

Via LuCI → Network → Interfaces I created a new interface with the self-chosen name “VPN”.

In the configuration I only have to enter the address of my OpenConnect server, the username and the password.

But how do I proceed now?

How do I run the WLAN traffic and the LAN cable over OpenConnect?

I have already tried some instructions, but nothing works.

Did OpenConnect actually connect to your server?

As far as I know, if you use the MT300N-V2, there is not enough space to install openconnect. You may need to use a USB key and use extroot to install everything on the USB.

After openconnect actually builds the tunnel, you should see network interfaces and you can add firewall rules to route the traffic.

How do I configure firewall/routing?

Can you show the firewall section?

Here are my settings when using openvpn for your reference.

Did it work? I followed this thread but I still can’t navigate with my VPN; if I try to ping I get destination unreachable.

Many thanks

This thread does not contain a guide for OpenConnect.

Here is a guide OpenWRT 路由器 OpenConnect VPN 详细图文教程 - 基础配置篇 - 思有云 - IOIOX

You can use Google translation to read it.

@alzhao Hi, but are the screenshots of the openconnect plugin installed on the GL.iNet or not? I have installed the openconnect plugin and then accessed the web interface via LuCI, configured the VPN (Cisco AnyConnect), whose interface has its own IP, but I can’t let my PC get an IP from this interface’s DHCP and then surf via the VPN, as written in my post GL-MT300N-V2 Openconnect CISCO. I think I am not making the right firewall, NAT and tunnel configuration, or is it not possible?

Sorry the guide is for server, not client.

You can post all of your firewall settings to have a check.

@alzhao many thanks, I missed that it was for server, not client.
This is my interface

This is my firewall

But if I try to ping I get “destination port is unreachable”.

Many thanks

The openconnect interface zone is “CISCOVPN”, not openvpn. You can change all the openvpn to CISCOVPN in the firewall zone?
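For reference, this is what the zone and the lan-to-tunnel forwarding described above look like in /etc/config/firewall on OpenWrt. It is an added example, not a configuration anyone posted in this thread; it assumes the OpenConnect interface is named VPN (as in the first post), the zone is named CISCOVPN (as in the screenshots discussed above), and the clients sit in the stock lan zone.

```uci
# /etc/config/firewall fragment (added example, not from this thread).
# Assumptions: the OpenConnect interface created in LuCI is called "VPN",
# the zone is called "CISCOVPN", and WLAN and LAN-cable clients are in
# the default "lan" zone.

# Zone for the tunnel interface. Masquerading is required because the
# OpenConnect server only knows the single tunnel address it assigned
# to the router, not the LAN behind it. mtu_fix clamps the TCP MSS so
# full-size packets survive the tunnel overhead. Input is rejected so
# nothing on the VPN side can reach the router's own services.
config zone
	option name 'CISCOVPN'
	list network 'VPN'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Permit traffic from lan clients to be forwarded into the tunnel.
# Without a forwarding section from lan to this zone, the firewall
# rejects the forwarded packets and the client sees "unreachable".
config forwarding
	option src 'lan'
	option dest 'CISCOVPN'
```

Reload with `/etc/init.d/firewall reload`; whether LAN traffic actually takes the tunnel still depends on the route the OpenConnect client installed, which you can check with `ip route`.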

It’s only a custom name for the Cisco configuration given in a firewall zone

But it is using the Cisco protocol for VPN

I can change it, if it affects the result