Home Explore Help
Register Sign In
Apq
/
MoeClub-Note
mirror of https://github.com/MoeClub/Note.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: c89bae5df6
Branches Tags
MoeClub-Note
/
AnyConnect
/
build
/
ocserv.conf

ocserv.conf 1.6 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. # The default domain to be advertised
    2. 

  2. # Connection-specific DNS suffixes
    3. 

  3. default-domain = srv
    4. 

  4. 

  5. auth = "plain[passwd=/etc/ocserv/ocpasswd]"
    6. 

  6. #auth = "certificate"
    7. 

  7. #enable-auth = "plain[passwd=/etc/ocserv/ocpasswd]"
    8. 

  8. enable-auth = "certificate"
    9. 

  9. 

  10. # TCP and UDP port
    11. 

  11. tcp-port = 443
    12. 

  12. udp-port = 0
    13. 

  13. 

  14. run-as-user = nobody
    15. 

  15. run-as-group = daemon
    16. 

  16. 

  17. server-cert = /etc/ocserv/server.cert.pem
    18. 

  18. server-key = /etc/ocserv/server.key.pem
    19. 

  19. ca-cert = /etc/ocserv/ca.cert.pem
    20. 

  20. 

  21. socket-file = /run/ocserv.socket
    22. 

  22. occtl-socket-file = /run/occtl.socket
    23. 

  23. pid-file = /run/ocserv.pid
    24. 

  24. 

  25. cert-user-oid = 2.5.4.3
    26. 

  26. cert-group-oid = 2.5.4.11
    27. 

  27. config-per-group = /etc/ocserv/group
    28. 

  28. default-group-config = /etc/ocserv/group/Default
    29. 

  29. default-select-group = Default
    30. 

  30. auto-select-group = false
    31. 

  31. 

  32. net-priority = 6
    33. 

  33. max-clients = 0
    34. 

  34. max-same-clients = 0
    35. 

  35. # switch-to-tcp-timeout = 0
    36. 

  36. max-ban-score = 0
    37. 

  37. min-reauth-time = 1
    38. 

  38. dpd = 3
    39. 

  39. idle-timeout = 8
    40. 

  40. # mobile-dpd = 8
    41. 

  41. # mobile-idle-timeout = 32
    42. 

  42. persistent-cookies = true
    43. 

  43. cookie-timeout = 256
    44. 

  44. keepalive = 32
    45. 

  45. auth-timeout = 64
    46. 

  46. rekey-time = 86400
    47. 

  47. rekey-method = ssl
    48. 

  48. deny-roaming = false
    49. 

  49. mtu = 1412
    50. 

  50. try-mtu-discovery = true
    51. 

  51. output-buffer = 0
    52. 

  52. compression = false
    53. 

  53. no-compress-limit = 256
    54. 

  54. use-utmp = false
    55. 

  55. use-occtl = true
    56. 

  56. device = ocserv
    57. 

  57. predictable-ips = true
    58. 

  58. ping-leases = false
    59. 

  59. dtls-psk = false
    60. 

  60. cisco-client-compat = true
    61. 

  61. tunnel-all-dns = true
    62. 

  62. isolate-workers = false
    63. 

  63. tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT:-VERS-ALL:-VERS-TLS-ALL:-VERS-DTLS-ALL:-VERS-SSL3.0:-ARCFOUR-128:+VERS-TLS1.2:+VERS-TLS1.3"
    64. 

  64. 

  65. listen-host = 0.0.0.0
    66. 

  66. ipv4-network = 192.168.8.0
    67. 

  67. ipv4-netmask = 255.255.255.0
    68. 

  68. dns = 192.168.8.1
    69.