Index: ocserv-0.12.0/doc/sample.config =================================================================== --- ocserv-0.12.0.orig/doc/sample.config +++ ocserv-0.12.0/doc/sample.config @@ -48,7 +48,7 @@ #auth = "pam" #auth = "pam[gid-min=1000]" #auth = "plain[passwd=./sample.passwd,otp=./sample.otp]" -auth = "plain[passwd=./sample.passwd]" +auth = "plain[passwd=/etc/ocserv/ocpasswd]" #auth = "certificate" #auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]" @@ -83,8 +83,8 @@ auth = "plain[passwd=./sample.passwd]" #listen-host-is-dyndns = true # TCP and UDP port number -tcp-port = 443 -udp-port = 443 +tcp-port = 9000 +udp-port = 9001 # Accept connections using a socket file. It accepts HTTP # connections (i.e., without SSL/TLS unlike its TCP counterpart), @@ -132,8 +132,8 @@ socket-file = /var/run/ocserv-socket #server-cert = /etc/ocserv/server-cert.pem #server-key = /etc/ocserv/server-key.pem -server-cert = ../tests/certs/server-cert.pem -server-key = ../tests/certs/server-key.pem +server-cert = /etc/ocserv/certificates/server-cert.pem +server-key = /etc/ocserv/certificates/server-key.pem # Diffie-Hellman parameters. Only needed if for old (pre 3.6.0 # versions of GnuTLS for supporting DHE ciphersuites. @@ -160,7 +160,7 @@ server-key = ../tests/certs/server-key.pem # client certificates (public keys) if certificate authentication # is set. #ca-cert = /etc/ocserv/ca.pem -ca-cert = ../tests/certs/ca.pem +ca-cert = /etc/ocserv/certificates/ca-cert.pem ### All configuration options below this line are reloaded on a SIGHUP. @@ -180,7 +180,7 @@ ca-cert = ../tests/certs/ca.pem # the isolation was tested at. If you get random failures on worker processes, try # disabling that option and report the failures you, along with system and debugging # information at: https://gitlab.com/ocserv/ocserv/issues -isolate-workers = true +isolate-workers = false # A banner to be displayed on clients #banner = "Welcome" @@ -243,7 +243,7 @@ mobile-dpd = 1800 switch-to-tcp-timeout = 25 # MTU discovery (DPD must be enabled) -try-mtu-discovery = false +try-mtu-discovery = true # If you have a certificate from a CA that provides an OCSP # service you may provide a fresh OCSP status response within @@ -407,8 +407,8 @@ rekey-method = ssl # STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes # output from the tun device, and the duration of the session in seconds. -#connect-script = /usr/bin/myscript -#disconnect-script = /usr/bin/myscript +#connect-script = /usr/bin/ocserv-script +#disconnect-script = /usr/bin/ocserv-script # UTMP # Register the connected clients to utmp. This will allow viewing @@ -478,7 +478,8 @@ ipv4-netmask = 255.255.255.0 # The advertized DNS server. Use multiple lines for # multiple servers. # dns = fc00::4be0 -dns = 192.168.1.2 +dns = 8.8.8.8 +dns = 8.8.4.4 # The NBNS server (if any) #nbns = 192.168.1.3 @@ -517,8 +518,8 @@ ping-leases = false # comment out all routes from the server, or use the special keyword # 'default'. -route = 10.10.10.0/255.255.255.0 -route = 192.168.0.0/255.255.0.0 +#route = 10.10.10.0/255.255.255.0 +#route = 192.168.0.0/255.255.0.0 #route = fef4:db8:1000:1001::/64 #route = default @@ -682,18 +683,18 @@ dtls-legacy = true # An example virtual host with different authentication methods serviced # by this server. -[vhost:www.example.com] -auth = "certificate" +#[vhost:www.example.com] +#auth = "certificate" -ca-cert = ../tests/certs/ca.pem +#ca-cert = ../tests/certs/ca.pem # The certificate set here must include a 'dns_name' corresponding to # the virtual host name. -server-cert = ../tests/certs/server-cert-secp521r1.pem -server-key = ../tests/certs/server-key-secp521r1.pem +#server-cert = ../tests/certs/server-cert-secp521r1.pem +#server-key = ../tests/certs/server-key-secp521r1.pem -ipv4-network = 192.168.2.0 -ipv4-netmask = 255.255.255.0 +#ipv4-network = 192.168.2.0 +#ipv4-netmask = 255.255.255.0 -cert-user-oid = 0.9.2342.19200300.100.1.1 +#cert-user-oid = 0.9.2342.19200300.100.1.1 Index: ocserv-0.12.0/doc/systemd/socket-activated/ocserv.socket =================================================================== --- ocserv-0.12.0.orig/doc/systemd/socket-activated/ocserv.socket +++ ocserv-0.12.0/doc/systemd/socket-activated/ocserv.socket @@ -2,8 +2,8 @@ Description=OpenConnect SSL VPN server Socket [Socket] -ListenStream=443 -ListenDatagram=443 +ListenStream=9000 +ListenDatagram=9001 BindIPv6Only=default Accept=false ReusePort=true