Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- auth = "plain[passwd=/etc/ocserv/ocpasswd]"
- enable-auth = "certificate"
- tcp-port = 443
- udp-port = 443
- run-as-user = ocserv
- run-as-group = ocserv
- socket-file = ocserv.sock
- chroot-dir = /var/lib/ocserv
- isolate-workers = true
- max-clients = 16
- max-same-clients = 2
- keepalive = 32400
- dpd = 90
- mobile-dpd = 1800
- switch-to-tcp-timeout = 25
- try-mtu-discovery = true
- server-cert = *.org.crt
- server-key = *.org.key
- ca-cert = ca.crt
- cert-user-oid = 2.5.4.3
- crl = /etc/ocserv/pki/crl.pem
- tls-priorities="SECURE192:%SERVER_PRECEDENCE:%LATEST_RECORD_VERSION:-VERS-ALL:+VERS-TLS1.2:+VERS-DTLS1.2"
- match-tls-dtls-ciphers = false
- auth-timeout = 240
- idle-timeout = 1200
- session-timeout = 86400
- mobile-idle-timeout = 2400
- min-reauth-time = 300
- max-ban-score = 50
- ban-reset-time = 300
- cookie-timeout = 300
- deny-roaming = false
- rekey-time = 172800
- rekey-method = ssl
- use-occtl = true
- pid-file = /var/run/ocserv.pid
- device = tun
- predictable-ips = true
- default-domain = *
- ipv4-network = 172.26.223.0
- ipv4-netmask = 255.255.255.0
- ipv6-network = fda9:4efe:7e3b:03ea::/64
- ipv6-subnet-prefix = 128
- dns = 2606:4700:4700::1111
- dns = 1.1.1.1
- ping-leases = false
- output-buffer = 30
- cisco-client-compat = true
- dtls-legacy = true
- user-profile = profile.xml
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement