preface

This article is not the introductory tutorial in the article to be written in Anyconnect series, but the last step, the advanced application of Ocserv（

This article applies to the following environment (requirements):

• The DHCP/static IP client under the router/router can use ipv6 to access the Internet normally
• The public IPv6 obtained by the router is distributed in the form of (optical cat bridging) router pppoe dialing
• Router has public network IPv4
• There is a need to obtain IPv6 in regions without IPv6
• The router has installed the OCServ server, and can manually modify the configuration file and execute shell commands

text

As we all know (forcibly), telecom broadband will force a 48 hour redial. After my test, after dialing again, both ipv4 and ipv6 will change. The ipv6 configuration in OCSERV is fixed.

If the ipv6 obtained by the router changes, but the OCSERV configuration is not modified, the ipv6 obtained by connecting anyconnect is invalid (unless you use the local ipv6, which is not discussed here)

Let's talk about it. The local ipv6 cannot be accessed by the public network, while the assigned public ipv6 can be accessed by the public network. So try to use the public network if you can.

How to modify the configuration after redialing

Answer: (Here) Use openwrt's hotplug event processing

As we all know (Baidu), when the openwrt interface is online or offline, a hotplug event will be triggered. When the hotplug event is triggered, a series of hotplug scripts will be executed. These scripts are stored in:

 /etc/hotplug.d/iface/

So, now we need to write a hotplug script. When the wan interface redials, it will automatically modify the OCServ configuration file, and restart OCServ to make the configuration take effect

So, once the script is written, it's OK to use it. Copy the following code, Modify, modify ， modify , and then place it in the hotplug folder.  

 #!/ bin/bash #Ifup is the type of event when the port is online [ "$ACTION" = ifup ] || exit 0 #Please change the wan here to the actual wan interface name (the short one without pppoe) [ "$INTERFACE" = wan ] || exit 0 #Obtain the current ipv6 of the router by obtaining the ipv6 API ip=$(curl ipv6.api.rw) #Replace OCServ configuration file #60 Please change it to a number greater than or equal to the ipv6 suffix assigned to you by your ISP #Please modify/etc/ocserv/ocserv.conf as the location of your ocserv configuration file sed -i "s/^ipv6-network =.*/ipv6-network = $ip\/60/g" /etc/ocserv/ocserv.conf > /dev/null 2>&1 #Kill OCServ killall ocserv > /dev/null 2>&1 #Restart OCServ ocserv > /dev/null 2>&1 #Not necessary, in order to know whether the script runs normally echo $ip > /tmp/ip.txt

Save the above code and name it 22 ocserv.

Postscript

This article is an advanced application of OCSERV. How to install OCSERV, how to configure OCSERV, and how to/revoke the certificate used by OCSERV will be introduced one by one in the following articles.

Hso diagram (not)