Update ocserv.conf

AnyConnect/build/ocserv.conf

@@ -1,6 +1,3 @@
-# Autorun ocserv
-# Append '@reboot root bash /etc/ocserv/ocserv.d >/dev/null 2>&1 &' in /etc/crontab
-
 # The default domain to be advertised
 # Connection-specific DNS suffixes
 default-domain = srv
@@ -14,6 +11,9 @@ enable-auth = "certificate"
 tcp-port = 443
 udp-port = 0
 
+run-as-user = nobody
+run-as-group = daemon
+
 server-cert = /etc/ocserv/server.cert.pem
 server-key = /etc/ocserv/server.key.pem
 ca-cert = /etc/ocserv/ca.cert.pem
@@ -21,46 +21,48 @@ ca-cert = /etc/ocserv/ca.cert.pem
 socket-file = /run/ocserv.socket
 occtl-socket-file = /run/occtl.socket
 pid-file = /run/ocserv.pid
-run-as-user = nobody
-run-as-group = daemon
+
 cert-user-oid = 2.5.4.3
 cert-group-oid = 2.5.4.11
 config-per-group = /etc/ocserv/group
 default-group-config = /etc/ocserv/group/Default
 default-select-group = Default
 auto-select-group = false
+
 net-priority = 6
 max-clients = 0
 max-same-clients = 0
 # switch-to-tcp-timeout = 0
 max-ban-score = 0
-min-reauth-time = 3
+min-reauth-time = 1
 dpd = 3
-mobile-dpd = 8
-# idle-timeout = 32
+idle-timeout = 8
+# mobile-dpd = 8
 # mobile-idle-timeout = 32
-auth-timeout = 64
-cookie-timeout = 12
 persistent-cookies = true
+cookie-timeout = 86400
+auth-timeout = 64
+keepalive = 86400
+rekey-time = 86400
+rekey-method = ssl
 deny-roaming = false
-# mtu = 1420
-try-mtu-discovery = false
+# mtu = 1406
+try-mtu-discovery = true
 output-buffer = 0
 compression = false
 no-compress-limit = 256
-keepalive = 86400
-rekey-time = 86400
-rekey-method = ssl
 use-utmp = false
 use-occtl = true
 device = ocserv
-predictable-ips = false
+predictable-ips = true
 ping-leases = false
 dtls-psk = false
 cisco-client-compat = true
 tunnel-all-dns = true
 isolate-workers = false
 tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT:-VERS-ALL:-VERS-TLS-ALL:-VERS-DTLS-ALL:-VERS-SSL3.0:-ARCFOUR-128:+VERS-TLS1.2"
+
+listen-host = 0.0.0.0
 ipv4-network = 192.168.8.0
 ipv4-netmask = 255.255.255.0
 dns = 192.168.8.1