forked from pool/ocserv
c5d48392d7
OBS-URL: https://build.opensuse.org/request/show/285939 OBS-URL: https://build.opensuse.org/package/show/network:vpn/ocserv?expand=0&rev=1
94 lines
3.3 KiB
Diff
94 lines
3.3 KiB
Diff
Index: ocserv-0.9.0/doc/sample.config
|
|
===================================================================
|
|
--- ocserv-0.9.0.orig/doc/sample.config
|
|
+++ ocserv-0.9.0/doc/sample.config
|
|
@@ -34,7 +34,7 @@
|
|
#auth = "certificate[optional]"
|
|
#auth = "pam"
|
|
#auth = "pam[gid-min=1000]"
|
|
-auth = "plain[./sample.passwd]"
|
|
+auth = "plain[/etc/ocserv/ocpasswd]"
|
|
#auth = "radius[/etc/radiusclient/radiusclient.conf,groupconfig]"
|
|
|
|
# Whether to enable seccomp/Linux namespaces worker isolation. That restricts the number of
|
|
@@ -68,8 +68,8 @@ max-same-clients = 2
|
|
#listen-host-is-dyndns = true
|
|
|
|
# TCP and UDP port number
|
|
-tcp-port = 443
|
|
-udp-port = 443
|
|
+tcp-port = 9000
|
|
+udp-port = 9001
|
|
|
|
# Accept connections using a socket file. It accepts HTTP
|
|
# connections (i.e., without SSL/TLS unlike its TCP counterpart),
|
|
@@ -101,7 +101,7 @@ dpd = 90
|
|
mobile-dpd = 1800
|
|
|
|
# MTU discovery (DPD must be enabled)
|
|
-try-mtu-discovery = false
|
|
+try-mtu-discovery = true
|
|
|
|
# The key and the certificates of the server
|
|
# The key may be a file, or any URL supported by GnuTLS (e.g.,
|
|
@@ -113,8 +113,8 @@ try-mtu-discovery = false
|
|
#
|
|
# There may be multiple server-cert and server-key directives,
|
|
# but each key should correspond to the preceding certificate.
|
|
-server-cert = ../tests/server-cert.pem
|
|
-server-key = ../tests/server-key.pem
|
|
+server-cert = /etc/ocserv/certificates/server-cert.pem
|
|
+server-key = /etc/ocserv/certificates/server-key.pem
|
|
|
|
# Diffie-Hellman parameters. Only needed if you require support
|
|
# for the DHE ciphersuites (by default this server supports ECDHE).
|
|
@@ -140,7 +140,7 @@ server-key = ../tests/server-key.pem
|
|
# The Certificate Authority that will be used to verify
|
|
# client certificates (public keys) if certificate authentication
|
|
# is set.
|
|
-#ca-cert = /path/to/ca.pem
|
|
+#ca-cert = /etc/ocserv/certificates/ca-cert.pem
|
|
|
|
# The object identifier that will be used to read the user ID in the client
|
|
# certificate. The object identifier should be part of the certificate's DN
|
|
@@ -236,8 +236,8 @@ rekey-method = ssl
|
|
# STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes
|
|
# output from the tun device, and the duration of the session in seconds.
|
|
|
|
-#connect-script = /usr/bin/myscript
|
|
-#disconnect-script = /usr/bin/myscript
|
|
+#connect-script = /usr/bin/ocserv-script
|
|
+#disconnect-script = /usr/bin/ocserv-script
|
|
|
|
# UTMP
|
|
# Register the connected clients to utmp. This will allow viewing
|
|
@@ -302,7 +302,7 @@ ipv4-netmask = 255.255.255.0
|
|
# The advertized DNS server. Use multiple lines for
|
|
# multiple servers.
|
|
# dns = fc00::4be0
|
|
-dns = 192.168.1.2
|
|
+dns = 8.8.8.8
|
|
|
|
# The NBNS server (if any)
|
|
#nbns = 192.168.1.3
|
|
@@ -342,8 +342,8 @@ ping-leases = false
|
|
# comment out all routes from the server, or use the special keyword
|
|
# 'default'.
|
|
|
|
-route = 192.168.1.0/255.255.255.0
|
|
-route = 192.168.5.0/255.255.255.0
|
|
+#route = 192.168.1.0/255.255.255.0
|
|
+#route = 192.168.5.0/255.255.255.0
|
|
#route = fef4:db8:1000:1001::/64
|
|
|
|
# Groups that a client is allowed to select from.
|
|
@@ -411,7 +411,7 @@ route = 192.168.5.0/255.255.255.0
|
|
# for clients to present their certificate on every connection.
|
|
# That is they may resume a cookie without presenting a certificate
|
|
# (when certificate authentication is used).
|
|
-#cisco-client-compat = true
|
|
+cisco-client-compat = true
|
|
|
|
# Client profile xml. A sample file exists in doc/profile.xml.
|
|
# It is required by some of the CISCO clients.
|