Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- sudo yum -y install gnutls-devel libev-devel tcp_wrappers-devel pam-devel lz4-devel libseccomp-devel readline-devel libnl3-devel krb5-devel radcli-devel
- sudo yum -y install epel-release
- sudo yum repolist enabled
- sudo yum info ocserv
- sudo yum -y install ocserv
- sudo ocpasswd -c /etc/ocserv/ocpasswd test
- 123
- nano -K /etc/ocserv/ocserv.conf
- auth = "plain[passwd=/etc/ocserv/ocpasswd]"
- tcp-port = 8090
- udp-port = 8090
- run-as-user = ocserv
- run-as-group = ocserv
- socket-file = ocserv.sock
- chroot-dir = /var/lib/ocserv
- isolate-workers = true
- max-clients = 5
- max-same-clients = 1
- keepalive = 32400
- dpd = 90
- mobile-dpd = 1800
- switch-to-tcp-timeout = 25
- try-mtu-discovery = true
- server-cert = /etc/pki/ocserv/public/server.crt
- server-key = /etc/pki/ocserv/private/server.key
- ca-cert = /etc/pki/ocserv/cacerts/ca.crt
- cert-user-oid = 0.9.2342.19200300.100.1.1
- tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"
- auth-timeout = 240
- min-reauth-time = 300
- max-ban-score = 50
- ban-reset-time = 300
- cookie-timeout = 300
- deny-roaming = false
- rekey-time = 172800
- rekey-method = ssl
- use-occtl = true
- pid-file = /var/run/ocserv.pid
- device = vpns
- predictable-ips = true
- default-domain = example.com
- ipv4-network = 192.168.102.0
- ipv4-netmask = 255.255.255.0
- dns = 8.8.8.8
- dns = 8.8.4.4
- ping-leases = false
- cisco-client-compat = true
- dtls-legacy = true
- user-profile = profile.xml
- # Routes to be forwarded to the client. If you need the
- # client to forward routes to the server, you may use the
- # config-per-user/group or even connect and disconnect scripts.
- #
- # To set the server as the default gateway for the client just
- # comment out all routes from the server, or use the special keyword
- # 'default'.
- #route = 10.10.10.0/255.255.255.0
- #route = 192.168.0.0/255.255.0.0
- #route = fef4:db8:1000:1001::/64
- journalctl -fu ocserv
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement