ocserv/ocserv.config.patch
Richard Rahl c4052e0aeb - use https for downloading sources (over ftp)
- actually verify tarballs
- use as many pkgconfig and rubygem names

OBS-URL: https://build.opensuse.org/package/show/network:vpn/ocserv?expand=0&rev=57
2024-11-30 20:36:51 +00:00

55 lines
1.9 KiB
Diff

diff --git a/doc/sample.config b/doc/sample.config
index 4c8c8c6..7a4697f 100644
--- a/doc/sample.config
+++ b/doc/sample.config
@@ -48,7 +48,7 @@
#auth = "pam"
#auth = "pam[gid-min=1000]"
#auth = "plain[passwd=./sample.passwd,otp=./sample.otp]"
-auth = "plain[passwd=./sample.passwd]"
+auth = "plain[passwd=/etc/ocserv/ocpasswd]"
#auth = "certificate"
#auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]"
@@ -90,8 +90,8 @@ auth = "plain[passwd=./sample.passwd]"
# listen-netns = "foo"
# TCP and UDP port number
-tcp-port = 443
-udp-port = 443
+tcp-port = 9000
+udp-port = 9001
# The user the worker processes will be run as. This should be a dedicated
# unprivileged user (e.g., 'ocserv') and no other services should run as this
@@ -126,9 +126,8 @@ socket-file = /var/run/ocserv-socket
#server-cert = /etc/ocserv/server-cert.pem
#server-key = /etc/ocserv/server-key.pem
-server-cert = ../tests/certs/server-cert.pem
-server-key = ../tests/certs/server-key.pem
-
+server-cert = /etc/ocserv/certificates/server-cert.pem
+server-key = /etc/ocserv/certificates/server-key.pem
# Diffie-Hellman parameters. Only needed if for old (pre 3.6.0
# versions of GnuTLS for supporting DHE ciphersuites.
# Can be generated using:
@@ -154,7 +153,7 @@ server-key = ../tests/certs/server-key.pem
# client certificates (public keys) if certificate authentication
# is set.
#ca-cert = /etc/ocserv/ca.pem
-ca-cert = ../tests/certs/ca.pem
+ca-cert = /etc/ocserv/certificates/ca-cert.pem
# The number of sub-processes to use for the security module (authentication)
# processes. Typically this should not be set as the number of processes
@@ -249,7 +248,7 @@ mobile-dpd = 1800
switch-to-tcp-timeout = 25
# MTU discovery (DPD must be enabled)
-try-mtu-discovery = false
+try-mtu-discovery = true
# To enable load-balancer connection draining, set server-drain-ms to a value
# higher than your load-balancer health probe interval.