Untitled

sudo yum -y install gnutls-devel libev-devel tcp_wrappers-devel pam-devel lz4-devel libseccomp-devel readline-devel libnl3-devel krb5-devel radcli-devel
sudo yum -y install epel-release
sudo yum repolist enabled
sudo yum info ocserv
sudo yum -y install ocserv
sudo ocpasswd -c /etc/ocserv/ocpasswd test
123
nano -K /etc/ocserv/ocserv.conf

auth = "plain[passwd=/etc/ocserv/ocpasswd]"

tcp-port = 8090
udp-port = 8090

run-as-user = ocserv
run-as-group = ocserv

socket-file = ocserv.sock

chroot-dir = /var/lib/ocserv

isolate-workers = true

max-clients = 5

max-same-clients = 1

keepalive = 32400

dpd = 90

mobile-dpd = 1800

switch-to-tcp-timeout = 25

try-mtu-discovery = true

server-cert = /etc/pki/ocserv/public/server.crt
server-key = /etc/pki/ocserv/private/server.key

ca-cert = /etc/pki/ocserv/cacerts/ca.crt

cert-user-oid = 0.9.2342.19200300.100.1.1

tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"

auth-timeout = 240

min-reauth-time = 300

max-ban-score = 50

ban-reset-time = 300

cookie-timeout = 300

deny-roaming = false

rekey-time = 172800

rekey-method = ssl

use-occtl = true

pid-file = /var/run/ocserv.pid

device = vpns

predictable-ips = true

default-domain = example.com

ipv4-network = 192.168.102.0
ipv4-netmask = 255.255.255.0

dns = 8.8.8.8
dns = 8.8.4.4

ping-leases = false

cisco-client-compat = true

dtls-legacy = true

user-profile = profile.xml

# Routes to be forwarded to the client. If you need the
# client to forward routes to the server, you may use the
# config-per-user/group or even connect and disconnect scripts.
#
# To set the server as the default gateway for the client just
# comment out all routes from the server, or use the special keyword
# 'default'.

#route = 10.10.10.0/255.255.255.0
#route = 192.168.0.0/255.255.0.0
#route = fef4:db8:1000:1001::/64

journalctl -fu ocserv