File ocserv.config.patch of Package ocserv
Index: ocserv-0.10.9/doc/sample.config =================================================================== --- ocserv-0.10.9.orig/doc/sample.config +++ ocserv-0.10.9/doc/sample.config @@ -39,7 +39,7 @@ #auth = "pam" #auth = "pam[gid-min=1000]" #auth = "plain[passwd=./sample.passwd,otp=./sample.otp]" -auth = "plain[passwd=./sample.passwd]" +auth = "plain[passwd=/etc/ocserv/ocpasswd]" #auth = "certificate" #auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]" @@ -72,8 +72,8 @@ auth = "plain[passwd=./sample.passwd]" #listen-host-is-dyndns = true # TCP and UDP port number -tcp-port = 443 -udp-port = 443 +tcp-port = 9000 +udp-port = 9001 # Accept connections using a socket file. It accepts HTTP # connections (i.e., without SSL/TLS unlike its TCP counterpart), @@ -108,8 +108,8 @@ socket-file = /var/run/ocserv-socket # # There may be multiple server-cert and server-key directives, # but each key should correspond to the preceding certificate. -server-cert = ../tests/server-cert.pem -server-key = ../tests/server-key.pem +server-cert = /etc/ocserv/certificates/server-cert.pem +server-key = /etc/ocserv/certificates/server-key.pem # Diffie-Hellman parameters. Only needed if you require support # for the DHE ciphersuites (by default this server supports ECDHE). @@ -135,7 +135,7 @@ server-key = ../tests/server-key.pem # The Certificate Authority that will be used to verify # client certificates (public keys) if certificate authentication # is set. -ca-cert = ../tests/ca.pem +ca-cert = /etc/ocserv/certificates/ca-cert.pem ### All configuration options below this line are reloaded on a SIGHUP. @@ -145,7 +145,7 @@ ca-cert = ../tests/ca.pem # system calls allowed to a worker process, in order to reduce damage from a # bug in the worker process. It is available on Linux systems at a performance cost. # The performance cost is roughly 2% overhead at transfer time (tested on a Linux 3.17.8). -isolate-workers = true +isolate-workers = false # A banner to be displayed on clients #banner = "Welcome" @@ -197,7 +197,7 @@ dpd = 90 mobile-dpd = 1800 # MTU discovery (DPD must be enabled) -try-mtu-discovery = false +try-mtu-discovery = true # If you have a certificate from a CA that provides an OCSP # service you may provide a fresh OCSP status response within @@ -341,8 +341,8 @@ rekey-method = ssl # STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes # output from the tun device, and the duration of the session in seconds. -#connect-script = /usr/bin/myscript -#disconnect-script = /usr/bin/myscript +#connect-script = /usr/bin/ocserv-script +#disconnect-script = /usr/bin/ocserv-script # UTMP # Register the connected clients to utmp. This will allow viewing @@ -401,7 +401,7 @@ ipv4-netmask = 255.255.255.0 # The advertized DNS server. Use multiple lines for # multiple servers. # dns = fc00::4be0 -dns = 192.168.1.2 +dns = 8.8.8.8 # The NBNS server (if any) #nbns = 192.168.1.3 @@ -438,8 +438,8 @@ ping-leases = false # comment out all routes from the server, or use the special keyword # 'default'. -route = 10.10.10.0/255.255.255.0 -route = 192.168.0.0/255.255.0.0 +#route = 10.10.10.0/255.255.255.0 +#route = 192.168.0.0/255.255.0.0 #route = fef4:db8:1000:1001::/64 # Subsets of the routes above that will not be routed by Index: ocserv-0.10.9/doc/systemd/socket-activated/ocserv.socket =================================================================== --- ocserv-0.10.9.orig/doc/systemd/socket-activated/ocserv.socket +++ ocserv-0.10.9/doc/systemd/socket-activated/ocserv.socket @@ -2,8 +2,8 @@ Description=OpenConnect SSL VPN server Socket [Socket] -ListenStream=443 -ListenDatagram=443 +ListenStream=9000 +ListenDatagram=9001 BindIPv6Only=default Accept=false ReusePort=true
