MoeClub-Note/AnyConnect/build/ocserv.conf

# The default domain to be advertised
# Connection-specific DNS suffixes
default-domain = srv

auth = "plain[passwd=/etc/ocserv/ocpasswd]"
#auth = "certificate"
#enable-auth = "plain[passwd=/etc/ocserv/ocpasswd]"
enable-auth = "certificate"

# TCP and UDP port
tcp-port = 443
udp-port = 0

run-as-user = nobody
run-as-group = daemon

server-cert = /etc/ocserv/server.cert.pem
server-key = /etc/ocserv/server.key.pem
ca-cert = /etc/ocserv/ca.cert.pem

socket-file = /run/ocserv.socket
occtl-socket-file = /run/occtl.socket
pid-file = /run/ocserv.pid

cert-user-oid = 2.5.4.3
cert-group-oid = 2.5.4.11
config-per-group = /etc/ocserv/group
default-group-config = /etc/ocserv/group/Default
default-select-group = Default
auto-select-group = false

net-priority = 6
max-clients = 0
max-same-clients = 0
# switch-to-tcp-timeout = 0
max-ban-score = 0
min-reauth-time = 1
dpd = 3
idle-timeout = 8
# mobile-dpd = 8
# mobile-idle-timeout = 32
persistent-cookies = true
cookie-timeout = 256
keepalive = 32
auth-timeout = 64
rekey-time = 86400
rekey-method = ssl
deny-roaming = false
mtu = 1412
try-mtu-discovery = true
output-buffer = 0
compression = false
no-compress-limit = 256
use-utmp = false
use-occtl = true
device = ocserv
predictable-ips = true
ping-leases = false
dtls-psk = false
cisco-client-compat = true
tunnel-all-dns = true
isolate-workers = false
tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT:-VERS-ALL:-VERS-TLS-ALL:-VERS-DTLS-ALL:-VERS-SSL3.0:-ARCFOUR-128:+VERS-TLS1.2:+VERS-TLS1.3"

listen-host = 0.0.0.0
ipv4-network = 192.168.144.0
ipv4-netmask = 255.255.255.0
dns = 192.168.144.1