Lines 26-32
|
26 |
# One entry must be listed per line, and 'ocpasswd' should be used |
26 |
# One entry must be listed per line, and 'ocpasswd' should be used |
27 |
# to generate password entries. The 'otp' suboption allows one to specify |
27 |
# to generate password entries. The 'otp' suboption allows one to specify |
28 |
# an oath password file to be used for one time passwords; the format of |
28 |
# an oath password file to be used for one time passwords; the format of |
29 |
# the file is described in https://code.google.com/p/mod-authn-otp/wiki/UsersFile |
29 |
# the file is described in https://github.com/archiecobbs/mod-authn-otp/wiki/UsersFile |
30 |
# |
30 |
# |
31 |
# radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true,nas-identifier=name]: |
31 |
# radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true,nas-identifier=name]: |
32 |
# The radius option requires specifying freeradius-client configuration |
32 |
# The radius option requires specifying freeradius-client configuration |
Lines 77-82
auth = "plain[passwd=./sample.passwd]"
|
77 |
# hostname. |
77 |
# hostname. |
78 |
#listen-host = [IP|HOSTNAME] |
78 |
#listen-host = [IP|HOSTNAME] |
79 |
|
79 |
|
|
|
80 |
# Use udp-listen-host to limit udp to specific IPs or to the IPs of a provided |
81 |
# hostname. if not set, listen-host will be used |
82 |
#udp-listen-host = [IP|HOSTNAME] |
83 |
|
80 |
# When the server has a dynamic DNS address (that may change), |
84 |
# When the server has a dynamic DNS address (that may change), |
81 |
# should set that to true to ask the client to resolve again on |
85 |
# should set that to true to ask the client to resolve again on |
82 |
# reconnects. |
86 |
# reconnects. |
Lines 172-177
ca-cert = ../tests/certs/ca.pem
|
172 |
### failures during the reloading time. |
176 |
### failures during the reloading time. |
173 |
|
177 |
|
174 |
|
178 |
|
|
|
179 |
# Whether to enable seccomp/Linux namespaces worker isolation. That restricts the number of |
180 |
# system calls allowed to a worker process, in order to reduce damage from a |
181 |
# bug in the worker process. It is available on Linux systems at a performance cost. |
182 |
# The performance cost is roughly 2% overhead at transfer time (tested on a Linux 3.17.8). |
183 |
# Note however, that process isolation is restricted to the specific libc versions |
184 |
# the isolation was tested at. If you get random failures on worker processes, try |
185 |
# disabling that option and report the failures you, along with system and debugging |
186 |
# information at: https://gitlab.com/ocserv/ocserv/issues |
187 |
isolate-workers = true |
188 |
|
175 |
# A banner to be displayed on clients |
189 |
# A banner to be displayed on clients |
176 |
#banner = "Welcome" |
190 |
#banner = "Welcome" |
177 |
|
191 |
|
Lines 391-397
rekey-method = ssl
|
391 |
# client), OCSERV_NO_ROUTES, OCSERV_DNS (the DNS servers for this client), |
405 |
# client), OCSERV_NO_ROUTES, OCSERV_DNS (the DNS servers for this client), |
392 |
# will contain a space separated list of routes or DNS servers. A version |
406 |
# will contain a space separated list of routes or DNS servers. A version |
393 |
# of these variables with the 4 or 6 suffix will contain only the IPv4 or |
407 |
# of these variables with the 4 or 6 suffix will contain only the IPv4 or |
394 |
# IPv6 values. |
408 |
# IPv6 values. The connect script must return zero as exit code, or the |
|
|
409 |
# client connection will be refused. |
395 |
|
410 |
|
396 |
# The disconnect script will receive the additional values: STATS_BYTES_IN, |
411 |
# The disconnect script will receive the additional values: STATS_BYTES_IN, |
397 |
# STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes |
412 |
# STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes |
Lines 566-572
no-route = 192.168.5.0/255.255.255.0
|
566 |
# keepalive, dpd, mobile-dpd, max-same-clients, tunnel-all-dns, |
581 |
# keepalive, dpd, mobile-dpd, max-same-clients, tunnel-all-dns, |
567 |
# restrict-user-to-routes, user-profile, cgroup, stats-report-time, |
582 |
# restrict-user-to-routes, user-profile, cgroup, stats-report-time, |
568 |
# mtu, idle-timeout, mobile-idle-timeout, restrict-user-to-ports, |
583 |
# mtu, idle-timeout, mobile-idle-timeout, restrict-user-to-ports, |
569 |
# and session-timeout. |
584 |
# split-dns and session-timeout. |
570 |
# |
585 |
# |
571 |
# Note that the 'iroute' option allows one to add routes on the server |
586 |
# Note that the 'iroute' option allows one to add routes on the server |
572 |
# based on a user or group. The syntax depends on the input accepted |
587 |
# based on a user or group. The syntax depends on the input accepted |
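Review bot: The comment added above `isolate-workers = true` (new lines 179-186) tells operators to disable the option when workers fail, but never says that doing so removes the seccomp/namespace containment the same comment describes as limiting damage from a worker bug. I would add a line such as `# Disabling it removes that containment; use it only as a temporary diagnostic step.` The phrase `report the failures you, along with system and debugging` is garbled and reads better as `report the failures, along with system and debugging`. The hunk also does not say what applies when the key is absent, so stating the default in the comment would tell operators whether deleting the line leaves isolation on or off.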