File ocserv.config.patch of Package ocserv
Index: ocserv-0.11.10/doc/sample.config =================================================================== --- ocserv-0.11.10.orig/doc/sample.config +++ ocserv-0.11.10/doc/sample.config @@ -47,7 +47,7 @@ #auth = "pam" #auth = "pam[gid-min=1000]" #auth = "plain[passwd=./sample.passwd,otp=./sample.otp]" -auth = "plain[passwd=./sample.passwd]" +auth = "plain[passwd=/etc/ocserv/ocpasswd]" #auth = "certificate" #auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]" @@ -80,8 +80,8 @@ auth = "plain[passwd=./sample.passwd]" #listen-host-is-dyndns = true # TCP and UDP port number -tcp-port = 443 -udp-port = 443 +tcp-port = 9000 +udp-port = 9001 # Accept connections using a socket file. It accepts HTTP # connections (i.e., without SSL/TLS unlike its TCP counterpart), @@ -124,8 +124,8 @@ socket-file = /var/run/ocserv-socket # # There may be multiple server-cert and server-key directives, # but each key should correspond to the preceding certificate. -server-cert = ../tests/certs/server-cert.pem -server-key = ../tests/certs/server-key.pem +server-cert = /etc/ocserv/certificates/server-cert.pem +server-key = /etc/ocserv/certificates/server-key.pem # Diffie-Hellman parameters. Only needed if you require support # for the DHE ciphersuites (by default this server supports ECDHE). @@ -151,7 +151,7 @@ server-key = ../tests/certs/server-key.p # The Certificate Authority that will be used to verify # client certificates (public keys) if certificate authentication # is set. -ca-cert = ../tests/certs/ca.pem +ca-cert = /etc/ocserv/certificates/ca-cert.pem ### All configuration options below this line are reloaded on a SIGHUP. @@ -171,7 +171,7 @@ ca-cert = ../tests/certs/ca.pem # the isolation was tested at. If you get random failures on worker processes, try # disabling that option and report the failures you, along with system and debugging # information at: https://gitlab.com/ocserv/ocserv/issues -isolate-workers = true +isolate-workers = false # A banner to be displayed on clients #banner = "Welcome" @@ -234,7 +234,7 @@ mobile-dpd = 1800 switch-to-tcp-timeout = 25 # MTU discovery (DPD must be enabled) -try-mtu-discovery = false +try-mtu-discovery = true # If you have a certificate from a CA that provides an OCSP # service you may provide a fresh OCSP status response within @@ -398,8 +398,8 @@ rekey-method = ssl # STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes # output from the tun device, and the duration of the session in seconds. -#connect-script = /usr/bin/myscript -#disconnect-script = /usr/bin/myscript +#connect-script = /usr/bin/ocserv-script +#disconnect-script = /usr/bin/ocserv-script # UTMP # Register the connected clients to utmp. This will allow viewing @@ -469,7 +469,8 @@ ipv4-netmask = 255.255.255.0 # The advertized DNS server. Use multiple lines for # multiple servers. # dns = fc00::4be0 -dns = 192.168.1.2 +dns = 8.8.8.8 +dns = 8.8.4.4 # The NBNS server (if any) #nbns = 192.168.1.3 @@ -508,8 +509,8 @@ ping-leases = false # comment out all routes from the server, or use the special keyword # 'default'. -route = 10.10.10.0/255.255.255.0 -route = 192.168.0.0/255.255.0.0 +#route = 10.10.10.0/255.255.255.0 +#route = 192.168.0.0/255.255.0.0 #route = fef4:db8:1000:1001::/64 #route = default Index: ocserv-0.11.10/doc/systemd/socket-activated/ocserv.socket =================================================================== --- ocserv-0.11.10.orig/doc/systemd/socket-activated/ocserv.socket +++ ocserv-0.11.10/doc/systemd/socket-activated/ocserv.socket @@ -2,8 +2,8 @@ Description=OpenConnect SSL VPN server Socket [Socket] -ListenStream=443 -ListenDatagram=443 +ListenStream=9000 +ListenDatagram=9001 BindIPv6Only=default Accept=false ReusePort=true
