Index: ocserv-0.10.5/doc/sample.config
===================================================================
--- ocserv-0.10.5.orig/doc/sample.config
+++ ocserv-0.10.5/doc/sample.config
@@ -36,7 +36,7 @@
 
 #auth = "pam"
 #auth = "pam[gid-min=1000]"
-auth = "plain[passwd=./sample.passwd]"
+auth = "plain[passwd=/etc/ocserv/ocpasswd]"
 #auth = "certificate"
 #auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]"
 
@@ -68,8 +68,8 @@ auth = "plain[passwd=./sample.passwd]"
 #listen-host-is-dyndns = true
 
 # TCP and UDP port number
-tcp-port = 443
-udp-port = 443
+tcp-port = 9000
+udp-port = 9001
 
 # Accept connections using a socket file. It accepts HTTP
 # connections (i.e., without SSL/TLS unlike its TCP counterpart),
@@ -102,7 +102,7 @@ socket-file = /var/run/ocserv-socket
 # system calls allowed to a worker process, in order to reduce damage from a
 # bug in the worker process. It is available on Linux systems at a performance cost.
 # The performance cost is roughly 2% overhead at transfer time (tested on a Linux 3.17.8).
-isolate-workers = true
+isolate-workers = false
 
 # A banner to be displayed on clients
 #banner = "Welcome"
@@ -148,7 +148,7 @@ dpd = 90
 mobile-dpd = 1800
 
 # MTU discovery (DPD must be enabled)
-try-mtu-discovery = false
+try-mtu-discovery = true
 
 # The key and the certificates of the server
 # The key may be a file, or any URL supported by GnuTLS (e.g., 
@@ -160,8 +160,8 @@ try-mtu-discovery = false
 #
 # There may be multiple server-cert and server-key directives,
 # but each key should correspond to the preceding certificate.
-server-cert = ../tests/server-cert.pem
-server-key = ../tests/server-key.pem
+server-cert = /etc/ocserv/certificates/server-cert.pem
+server-key = /etc/ocserv/certificates/server-key.pem
 
 # Diffie-Hellman parameters. Only needed if you require support
 # for the DHE ciphersuites (by default this server supports ECDHE).
@@ -187,7 +187,7 @@ server-key = ../tests/server-key.pem
 # The Certificate Authority that will be used to verify
 # client certificates (public keys) if certificate authentication
 # is set.
-ca-cert = ../tests/ca.pem
+ca-cert = /etc/ocserv/certificates/ca-cert.pem
 
 # The object identifier that will be used to read the user ID in the client 
 # certificate. The object identifier should be part of the certificate's DN
@@ -320,8 +320,8 @@ rekey-method = ssl
 # STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes 
 # output from the tun device, and the duration of the session in seconds.
 
-#connect-script = /usr/bin/myscript
-#disconnect-script = /usr/bin/myscript
+#connect-script = /usr/bin/ocserv-script
+#disconnect-script = /usr/bin/ocserv-script
 
 # UTMP
 # Register the connected clients to utmp. This will allow viewing
@@ -377,7 +377,7 @@ ipv4-netmask = 255.255.255.0
 # The advertized DNS server. Use multiple lines for
 # multiple servers.
 # dns = fc00::4be0
-dns = 192.168.1.2
+dns = 8.8.8.8
 
 # The NBNS server (if any)
 #nbns = 192.168.1.3
@@ -414,8 +414,8 @@ ping-leases = false
 # comment out all routes from the server, or use the special keyword
 # 'default'.
 
-route = 10.10.10.0/255.255.255.0
-route = 192.168.0.0/255.255.0.0
+#route = 10.10.10.0/255.255.255.0
+#route = 192.168.0.0/255.255.0.0
 #route = fef4:db8:1000:1001::/64
 
 # Subsets of the routes above that will not be routed by
Index: ocserv-0.10.5/doc/systemd/socket-activated/ocserv.socket
===================================================================
--- ocserv-0.10.5.orig/doc/systemd/socket-activated/ocserv.socket
+++ ocserv-0.10.5/doc/systemd/socket-activated/ocserv.socket
@@ -2,8 +2,8 @@
 Description=OpenConnect SSL VPN server Socket
 
 [Socket]
-ListenStream=443
-ListenDatagram=443
+ListenStream=9000
+ListenDatagram=9001
 BindIPv6Only=default
 Accept=false
 ReusePort=true