|
@@ -10,19 +10,17 @@ auth = "plain[passwd=/etc/ocserv/ocpasswd]"
|
|
|
#enable-auth = "plain[passwd=/etc/ocserv/ocpasswd]"
|
|
|
enable-auth = "certificate"
|
|
|
|
|
|
-# TCP and UDP port number
|
|
|
+# TCP and UDP port
|
|
|
tcp-port = 443
|
|
|
-#udp-port = 443
|
|
|
+udp-port = 0
|
|
|
|
|
|
server-cert = /etc/ocserv/server.cert.pem
|
|
|
server-key = /etc/ocserv/server.key.pem
|
|
|
ca-cert = /etc/ocserv/ca.cert.pem
|
|
|
-dh-params = /etc/ocserv/dh.pem
|
|
|
|
|
|
socket-file = /var/run/ocserv.socket
|
|
|
occtl-socket-file = /var/run/occtl.socket
|
|
|
pid-file = /var/run/ocserv.pid
|
|
|
-#user-profile = /etc/ocserv/profile.xml
|
|
|
run-as-user = nobody
|
|
|
run-as-group = daemon
|
|
|
cert-user-oid = 2.5.4.3
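Review bot: `udp-port = 0` replaces a commented-out setting with an explicit value, and the comment above it (`# TCP and UDP port`) does not say what 0 means. If the intent is a TCP-only server with the DTLS channel off, the comment should say so, e.g. `# TCP port; udp-port = 0 keeps the UDP/DTLS channel disabled`. Whether the deployed ocserv version treats 0 as "disabled" should be confirmed against its manual; leaving the key commented out is the form I know to be documented for turning UDP off. The removal of `dh-params` in the same hunk is safe only if the linked GnuTLS no longer needs a DH parameter file for DHE suites.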
|
|
@@ -34,18 +32,18 @@ auto-select-group = false
|
|
|
net-priority = 6
|
|
|
max-clients = 0
|
|
|
max-same-clients = 0
|
|
|
-#switch-to-tcp-timeout = 0
|
|
|
+# switch-to-tcp-timeout = 0
|
|
|
max-ban-score = 0
|
|
|
keepalive = 86400
|
|
|
-dpd = 64
|
|
|
-mobile-dpd = 72
|
|
|
-#idle-timeout = 32
|
|
|
-#mobile-idle-timeout = 32
|
|
|
+dpd = 3
|
|
|
+mobile-dpd = 8
|
|
|
+# idle-timeout = 32
|
|
|
+# mobile-idle-timeout = 32
|
|
|
auth-timeout = 48
|
|
|
cookie-timeout = 4
|
|
|
-#mtu = 1420
|
|
|
+# mtu = 1420
|
|
|
try-mtu-discovery = false
|
|
|
-#output-buffer = 64
|
|
|
+output-buffer = 0
|
|
|
compression = false
|
|
|
no-compress-limit = 512
|
|
|
persistent-cookies = false
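Review bot: `dpd = 3` and `mobile-dpd = 8` are large drops from 64 and 72, and nothing in the hunk gives the unit or the reason. Next to the unchanged `cookie-timeout = 4` and `persistent-cookies = false`, a client on a lossy link is likely to be dropped and then forced through full authentication again once the cookie lapses (inferred from the option names; confirm against the ocserv manual). I would add a line such as `# dead-peer detection in seconds; short values drop flaky mobile links quickly` above `dpd`, or choose less aggressive values. Separately, the unchanged `max-ban-score = 0` appears to turn ban scoring off, which matters while password auth (`auth = "plain[...]"` in the first hunk header) remains configured.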
|
|
@@ -61,7 +59,7 @@ dtls-psk = false
|
|
|
cisco-client-compat = true
|
|
|
tunnel-all-dns = true
|
|
|
isolate-workers = false
|
|
|
-tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT:-VERS-TLS-ALL:-VERS-DTLS-ALL:-RSA:-VERS-SSL3.0:-ARCFOUR-128:+VERS-TLS1.2"
|
|
|
+tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT:-VERS-TLS-ALL:-VERS-DTLS-ALL:-VERS-SSL3.0:-ARCFOUR-128:+VERS-TLS1.2"
|
|
|
ipv4-network = 192.168.8.0
|
|
|
ipv4-netmask = 255.255.255.0
|
|
|
dns = 192.168.8.1
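Review bot: Dropping `-RSA` from `tls-priorities` re-enables static RSA key exchange, which has no forward secrecy: a later compromise of `server.key.pem` would let recorded sessions be decrypted. With `dh-params` also removed in the first hunk, forward-secret suites depend on ECDHE, or on a GnuTLS that needs no DH file, which is worth confirming. If a legacy client requires RSA key exchange, record that above the line, e.g. `# RSA key exchange kept for <client-name>; no forward secrecy`; otherwise keep `-RSA` in the string. The `%COMPAT` and `PERFORMANCE` keywords are unchanged but also loosen the policy, so the effective suite list should be checked with `gnutls-cli --list --priority` before deploying.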
|