ocserv/ocserv.config.patch

110 lines
3.6 KiB
Diff

Index: b/doc/sample.config
===================================================================
--- a/doc/sample.config
+++ b/doc/sample.config
@@ -41,7 +41,7 @@
#auth = "pam"
#auth = "pam[gid-min=1000]"
#auth = "plain[passwd=./sample.passwd,otp=./sample.otp]"
-auth = "plain[passwd=./sample.passwd]"
+auth = "plain[passwd=/etc/ocserv/ocpasswd]"
#auth = "certificate"
#auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]"
@@ -74,8 +74,8 @@ auth = "plain[passwd=./sample.passwd]"
#listen-host-is-dyndns = true
# TCP and UDP port number
-tcp-port = 443
-udp-port = 443
+tcp-port = 9000
+udp-port = 9001
# Accept connections using a socket file. It accepts HTTP
# connections (i.e., without SSL/TLS unlike its TCP counterpart),
@@ -110,8 +110,8 @@ socket-file = /var/run/ocserv-socket
#
# There may be multiple server-cert and server-key directives,
# but each key should correspond to the preceding certificate.
-server-cert = ../tests/certs/server-cert.pem
-server-key = ../tests/certs/server-key.pem
+server-cert = /etc/ocserv/certificates/server-cert.pem
+server-key = /etc/ocserv/certificates/server-key.pem
# Diffie-Hellman parameters. Only needed if you require support
# for the DHE ciphersuites (by default this server supports ECDHE).
@@ -137,7 +137,7 @@ server-key = ../tests/certs/server-key.p
# The Certificate Authority that will be used to verify
# client certificates (public keys) if certificate authentication
# is set.
-ca-cert = ../tests/certs/ca.pem
+ca-cert = /etc/ocserv/certificates/ca-cert.pem
### All configuration options below this line are reloaded on a SIGHUP.
@@ -157,7 +157,7 @@ ca-cert = ../tests/certs/ca.pem
# the isolation was tested at. If you get random failures on worker processes, try
# disabling that option and report the failures you, along with system and debugging
# information at: https://gitlab.com/ocserv/ocserv/issues
-isolate-workers = true
+isolate-workers = false
# A banner to be displayed on clients
#banner = "Welcome"
@@ -204,7 +204,7 @@ dpd = 90
mobile-dpd = 1800
# MTU discovery (DPD must be enabled)
-try-mtu-discovery = false
+try-mtu-discovery = true
# If you have a certificate from a CA that provides an OCSP
# service you may provide a fresh OCSP status response within
@@ -362,8 +362,8 @@ rekey-method = ssl
# STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes
# output from the tun device, and the duration of the session in seconds.
-#connect-script = /usr/bin/myscript
-#disconnect-script = /usr/bin/myscript
+#connect-script = /usr/bin/ocserv-script
+#disconnect-script = /usr/bin/ocserv-script
# UTMP
# Register the connected clients to utmp. This will allow viewing
@@ -433,7 +433,8 @@ ipv4-netmask = 255.255.255.0
# The advertized DNS server. Use multiple lines for
# multiple servers.
# dns = fc00::4be0
-dns = 192.168.1.2
+dns = 8.8.8.8
+dns = 8.8.4.4
# The NBNS server (if any)
#nbns = 192.168.1.3
@@ -472,8 +473,8 @@ ping-leases = false
# comment out all routes from the server, or use the special keyword
# 'default'.
-route = 10.10.10.0/255.255.255.0
-route = 192.168.0.0/255.255.0.0
+#route = 10.10.10.0/255.255.255.0
+#route = 192.168.0.0/255.255.0.0
#route = fef4:db8:1000:1001::/64
#route = default
Index: b/doc/systemd/socket-activated/ocserv.socket
===================================================================
--- a/doc/systemd/socket-activated/ocserv.socket
+++ b/doc/systemd/socket-activated/ocserv.socket
@@ -2,8 +2,8 @@
Description=OpenConnect SSL VPN server Socket
[Socket]
-ListenStream=443
-ListenDatagram=443
+ListenStream=9000
+ListenDatagram=9001
BindIPv6Only=default
Accept=false
ReusePort=true