2a734b5edd
- Update to version 1.2.1
* Accept the Clavister OneConnect VPN Android client.
* No longer require to set device name per vhost.
* Account the correct number of points when proxyproto is in use
* nuttcp tests were replaced with iperf3 that is available
in more environments
* occtl: fix duplicate key in `occtl --json show users` output
- Update to version 1.2.0
* Add support for Cisco Enterprise phones to authenticate via
the /svc endpoint and the 'cisco-svc-client-compat' config
option.
* Enhanced radius group support to enable radius servers send
multiple group class attributes
See doc/README-radius.md for more information.
* Enhanced the seccomp filters to open files related to FIPS
compliance on SuSe.
* Added "Camouflage" functionality that makes ocserv look like a
web server to unauthorized parties.
* Avoid login failure when the end point of server URI
contains a query string.
* Make sure we print proper JSON with `occtl --debug --json`
* Eliminated the need for using the gnulib portability library.
- Update to version 1.1.7
* Emit a LOG_ERR error message with plain authentication fails
* The bundled inih was updated to r56.
* The bundled protobuf-c was updated to 1.4.1.
* Enhanced the seccomp filters for ARMv7 compatibility and musl
libc
* HTTP headers always capitalised as in RFC 9110
OBS-URL: https://build.opensuse.org/request/show/1107938
OBS-URL: https://build.opensuse.org/package/show/network:vpn/ocserv?expand=0&rev=47
55 lines
1.9 KiB
Diff
55 lines
1.9 KiB
Diff
diff --git a/doc/sample.config b/doc/sample.config
|
|
index 4c8c8c6..7a4697f 100644
|
|
--- a/doc/sample.config
|
|
+++ b/doc/sample.config
|
|
@@ -48,7 +48,7 @@
|
|
#auth = "pam"
|
|
#auth = "pam[gid-min=1000]"
|
|
#auth = "plain[passwd=./sample.passwd,otp=./sample.otp]"
|
|
-auth = "plain[passwd=./sample.passwd]"
|
|
+auth = "plain[passwd=/etc/ocserv/ocpasswd]"
|
|
#auth = "certificate"
|
|
#auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]"
|
|
|
|
@@ -90,8 +90,8 @@ auth = "plain[passwd=./sample.passwd]"
|
|
# listen-netns = "foo"
|
|
|
|
# TCP and UDP port number
|
|
-tcp-port = 443
|
|
-udp-port = 443
|
|
+tcp-port = 9000
|
|
+udp-port = 9001
|
|
|
|
# The user the worker processes will be run as. This should be a dedicated
|
|
# unprivileged user (e.g., 'ocserv') and no other services should run as this
|
|
@@ -126,9 +126,8 @@ socket-file = /var/run/ocserv-socket
|
|
|
|
#server-cert = /etc/ocserv/server-cert.pem
|
|
#server-key = /etc/ocserv/server-key.pem
|
|
-server-cert = ../tests/certs/server-cert.pem
|
|
-server-key = ../tests/certs/server-key.pem
|
|
-
|
|
+server-cert = /etc/ocserv/certificates/server-cert.pem
|
|
+server-key = /etc/ocserv/certificates/server-key.pem
|
|
# Diffie-Hellman parameters. Only needed if for old (pre 3.6.0
|
|
# versions of GnuTLS for supporting DHE ciphersuites.
|
|
# Can be generated using:
|
|
@@ -154,7 +153,7 @@ server-key = ../tests/certs/server-key.pem
|
|
# client certificates (public keys) if certificate authentication
|
|
# is set.
|
|
#ca-cert = /etc/ocserv/ca.pem
|
|
-ca-cert = ../tests/certs/ca.pem
|
|
+ca-cert = /etc/ocserv/certificates/ca-cert.pem
|
|
|
|
# The number of sub-processes to use for the security module (authentication)
|
|
# processes. Typically this should not be set as the number of processes
|
|
@@ -249,7 +248,7 @@ mobile-dpd = 1800
|
|
switch-to-tcp-timeout = 25
|
|
|
|
# MTU discovery (DPD must be enabled)
|
|
-try-mtu-discovery = false
|
|
+try-mtu-discovery = true
|
|
|
|
# To enable load-balancer connection draining, set server-drain-ms to a value
|
|
# higher than your load-balancer health probe interval.
|