Index: ocserv-0.9.0/doc/sample.config =================================================================== --- ocserv-0.9.0.orig/doc/sample.config +++ ocserv-0.9.0/doc/sample.config @@ -34,7 +34,7 @@ #auth = "certificate[optional]" #auth = "pam" #auth = "pam[gid-min=1000]" -auth = "plain[./sample.passwd]" +auth = "plain[/etc/ocserv/ocpasswd]" #auth = "radius[/etc/radiusclient/radiusclient.conf,groupconfig]" # Whether to enable seccomp/Linux namespaces worker isolation. That restricts the number of @@ -68,8 +68,8 @@ max-same-clients = 2 #listen-host-is-dyndns = true # TCP and UDP port number -tcp-port = 443 -udp-port = 443 +tcp-port = 9000 +udp-port = 9001 # Accept connections using a socket file. It accepts HTTP # connections (i.e., without SSL/TLS unlike its TCP counterpart), @@ -101,7 +101,7 @@ dpd = 90 mobile-dpd = 1800 # MTU discovery (DPD must be enabled) -try-mtu-discovery = false +try-mtu-discovery = true # The key and the certificates of the server # The key may be a file, or any URL supported by GnuTLS (e.g., @@ -113,8 +113,8 @@ try-mtu-discovery = false # # There may be multiple server-cert and server-key directives, # but each key should correspond to the preceding certificate. -server-cert = ../tests/server-cert.pem -server-key = ../tests/server-key.pem +server-cert = /etc/ocserv/certificates/server-cert.pem +server-key = /etc/ocserv/certificates/server-key.pem # Diffie-Hellman parameters. Only needed if you require support # for the DHE ciphersuites (by default this server supports ECDHE). @@ -140,7 +140,7 @@ server-key = ../tests/server-key.pem # The Certificate Authority that will be used to verify # client certificates (public keys) if certificate authentication # is set. -#ca-cert = /path/to/ca.pem +#ca-cert = /etc/ocserv/certificates/ca-cert.pem # The object identifier that will be used to read the user ID in the client # certificate. The object identifier should be part of the certificate's DN @@ -236,8 +236,8 @@ rekey-method = ssl # STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes # output from the tun device, and the duration of the session in seconds. -#connect-script = /usr/bin/myscript -#disconnect-script = /usr/bin/myscript +#connect-script = /usr/bin/ocserv-script +#disconnect-script = /usr/bin/ocserv-script # UTMP # Register the connected clients to utmp. This will allow viewing @@ -302,7 +302,7 @@ ipv4-netmask = 255.255.255.0 # The advertized DNS server. Use multiple lines for # multiple servers. # dns = fc00::4be0 -dns = 192.168.1.2 +dns = 8.8.8.8 # The NBNS server (if any) #nbns = 192.168.1.3 @@ -342,8 +342,8 @@ ping-leases = false # comment out all routes from the server, or use the special keyword # 'default'. -route = 192.168.1.0/255.255.255.0 -route = 192.168.5.0/255.255.255.0 +#route = 192.168.1.0/255.255.255.0 +#route = 192.168.5.0/255.255.255.0 #route = fef4:db8:1000:1001::/64 # Groups that a client is allowed to select from. @@ -411,7 +411,7 @@ route = 192.168.5.0/255.255.255.0 # for clients to present their certificate on every connection. # That is they may resume a cookie without presenting a certificate # (when certificate authentication is used). -#cisco-client-compat = true +cisco-client-compat = true # Client profile xml. A sample file exists in doc/profile.xml. # It is required by some of the CISCO clients.