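# ocserv (OpenConnect VPN server) configuration.
# Format: one "key = value" directive per line; "#" starts a comment.
# Lines written as "#key = value" are disabled settings kept for reference.

# --- Authentication ---------------------------------------------------------
# Certificate authentication is disabled; clients log in with a username and
# password checked against the ocpasswd file. With a single password factor,
# the ban and reauth settings further down are the main brute-force control.
#auth = "certificate"
auth = "plain[passwd=/etc/ocserv/ocpasswd]"
#enable-auth = "certificate"

# --- Listener and TLS credentials -------------------------------------------
# No udp-port appears in this listing. NOTE(review): confirm whether DTLS is
# meant to be off; several DTLS-related options below only matter if it is on.
tcp-port = 443
socket-file = /run/ocserv-socket
# The private key should be readable only by the account ocserv starts as.
server-cert = /etc/ocserv/ssl/live/pycm1k/fullchain.pem
server-key = /etc/ocserv/ssl/live/pycm1k/privkey.pem
# Disabled. NOTE(review): this path contains literal quote characters and
# points at a server fullchain rather than a client-issuing CA; fix both
# before enabling certificate authentication.
#ca-cert = /etc/ocserv/ssl/live/"tshk.duckdns.org"/fullchain.pem

# --- Worker isolation and connection limits ---------------------------------
isolate-workers = true
max-clients = 20
max-same-clients = 2
# milliseconds
rate-limit-ms = 200
# seconds (604800 = 7 days)
server-stats-reset-time = 604800

# --- Keepalive and dead peer detection (seconds) ----------------------------
keepalive = 10
dpd = 120
mobile-dpd = 1800
switch-to-tcp-timeout = 25
try-mtu-discovery = true

# OID of the certificate field that carries the user name. Only consulted
# when certificate authentication is enabled.
cert-user-oid = 0.9.2342.19200300.100.1.1

# GnuTLS priority string. SSL 3.0, TLS 1.0 and TLS 1.1 are removed, and so is
# TLS 1.3, which in practice leaves TLS 1.2 as the only TLS version offered.
# %COMPAT relaxes some protocol checks for older clients.
# NOTE(review): re-check whether the deployed clients still need TLS 1.3
# disabled and %COMPAT enabled.
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.3"

# --- Session, ban and rekey timers (seconds unless noted) -------------------
# NOTE(review): 1000 s is a long window for an unauthenticated session to stay
# open; a shorter value frees connection slots sooner.
auth-timeout = 1000
min-reauth-time = 300
# Score at which a client address is banned, and how long the score is kept.
# NOTE(review): confirm the per-failure points so the number of password
# guesses allowed before a ban is known.
max-ban-score = 100
ban-reset-time = 1200
cookie-timeout = 600
# false: a session cookie is accepted from a different source address than
# the one that authenticated. Set to true if clients are not expected to roam.
deny-roaming = false
rekey-time = 172800
rekey-method = ssl

# --- Hooks, control and logging ---------------------------------------------
# Scripts run by the server on client connect and disconnect. Keep them owned
# by root and not writable by any other account.
connect-script = /etc/ocserv/connect.sh
disconnect-script = /etc/ocserv/disconnect.sh
use-occtl = true
pid-file = /run/ocserv.pid
log-level = 1

# --- Tunnel addressing ------------------------------------------------------
device = vpns
predictable-ips = true
default-domain = "tshk.duckdns.org"
# NOTE(review): 11.10.10.0/24 is not RFC 1918 private space. Clients lose
# reachability to the real hosts in that range, and leaked packets carry
# addresses that belong to someone else. Prefer a range inside 10.0.0.0/8,
# 172.16.0.0/12 or 192.168.0.0/16, and update any firewall or NAT rules and
# per-user files that reference this network at the same time.
ipv4-network = 11.10.10.0
ipv4-netmask = 255.255.255.0
# All client DNS queries are sent through the tunnel to the resolver below,
# a public resolver that will see every lookup.
tunnel-all-dns = true
dns = 8.8.8.8
ping-leases = false

# Directory of per-user override files. Anyone able to write here can change
# a user's effective settings, so restrict write access to root.
config-per-user = /etc/ocserv/config-per-user/

# --- Client compatibility ---------------------------------------------------
# Both options enable legacy protocol behaviour for older AnyConnect-style
# clients. NOTE(review): disable them if no such clients remain.
cisco-client-compat = true
dtls-legacy = true
client-bypass-protocol = false

# Certificate revocation list. Only relevant to certificate authentication,
# which is disabled above; it needs a matching ca-cert and regular refresh
# once that is enabled.
crl = /etc/ocserv/certs/crl.pem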