Feature: Ocserv - cockpit-project/cockpit GitHub Wiki
Goal
Obtain information about the logged-in users in the Openconnect VPN server.
User stories:
- An IT administrator manages a Fedora server system with an openconnect VPN server running as the entry point for the company network. He needs to be able to see the logged-in users at any point in time and, when needed, to read their VPN settings to assist with any networking issue they have.
Design
[http://people.redhat.com/nmavrogi/screenshot.png](http://people.redhat.com/nmavrogi/screenshot.png)
Implementation
- Need to be able to list server status (done)
- Need to be able to list users (done)
- Need to be able to obtain detailed per user information
- Need to be able to disconnect a user
- Need to be able to BAN a specific IP address
- Real-time update for user login/logout (e.g., via d-bus signal)
  - Currently ocserv doesn't provide a subsystem for that; making an IPC dbus front-end may help.
Feedback
- How will an admin initially set up ocserv?
  - A configuration file (/etc/ocserv/ocserv.conf) needs to be edited, and after that the service is enabled with systemctl enable.
- What are the various actions that the admin should be able to perform on the list of users?
  - Kill connection, BAN IP address (blocking a specific user does depend on the backend used - e.g., PAM, so it cannot be part of the web interface unless we integrate with a single backend only)
- Should we provide a link to documentation on how to configure various clients to connect to this VPN server? Perhaps a simple summary of connection settings could be inline in Cockpit?
  - For the majority of the use cases ocserv would work if the authentication method and a network for the VPN are specified. There is a rolekit attempt, but it will be limited to sssd integration. The official documentation is here