diff --git a/doc/Makefile.am b/doc/Makefile.am
new file mode 100644
index 00000000..126cad3a
--- /dev/null
+++ b/doc/Makefile.am
@@ -0,0 +1,8 @@
+EXTRA_DIST = design.dia sample.config
+
+dist_man_MANS = ocserv.1
+
+ocserv.1: ../src/ocserv-args.def
+ -sed 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $< > "$<".tmp && \
+ autogen -DMAN_SECTION=1 -Tagman-cmd.tpl "$<".tmp && \
+ rm -f "$<".tmp
diff --git a/doc/sample.config b/doc/sample.config
new file mode 100644
index 00000000..cf7b2cbb
--- /dev/null
+++ b/doc/sample.config
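Review bot: The leading `-` on the `ocserv.1` recipe makes make ignore a failure anywhere in the sed/autogen chain, so a missing autogen or a broken template leaves `ocserv.1` absent or stale without failing the build, even though `dist_man_MANS` ships it in the tarball. The recipe also writes its temporary file next to the prerequisite (`"$<".tmp`, i.e. under `../src`), which presumably fails in an out-of-tree or read-only source build and would then be hidden by the same `-`. I would drop the `-` and keep the temporary file in the build directory, for example `sed ... $< > "$@".tmp && \` with the following two lines using `"$@".tmp` as well.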
@@ -0,0 +1,98 @@
+# User authentication method. Could be set multiple times and in that case
+# all should succeed.
+# Options: certificate, pam.
+#auth = certificate
+auth = "pam"
+
+# UTMP
+use-utmp = true
+
+# PID file
+pid-file = /var/run/ocserv.pid
+
+# Limit the number of clients. Set to zero for unlimited.
+# max-clients = 1024
+max-clients = 4
+
+# Limit the number of identical clients (i.e., users connecting multiple times)
+# Unset or set to zero for unlimited.
+max-same-clients = 1
+
+# Use listen-host to limit to specific IPs or to the IPs of a provided hostname.
+# listen-host = [IP|HOSTNAME]
+
+# The time (in seconds) that a client is allowed to stay connected prior
+# to authentication
+auth-timeout = 40
+
+# TCP and UDP port number
+tcp-port = 3333
+udp-port = 3333
+
+# Keepalive in seconds
+keepalive = 60
+
+# Dead peer detection in seconds
+dpd = 30
+
+# The key and the certificates of the server
+# The key may be a file, or any URL supported by GnuTLS (i.e., tpmkey or pkcs11)
+server-cert = ./test-cert.pem
+server-key = ./test-key.pem
+
+# The Certificate Authority that will be used
+# to verify clients if certificate authentication
+# is set.
+#ca-cert = /path/to/ca.pem
+
+# The object identifier that will be used to read the user ID in the client certificate.
+# The object identifier should be part of the certificate's DN
+#cert-user-oid = 0.9.2342.19200300.100.1.1
+
+# A revocation list of ca-cert is set
+#crl = /path/to/crl.pem
+
+# GnuTLS priority string
+tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
+
+# The default server directory
+#chroot-dir = /root
+
+# Cookie validity time (in seconds)
+# Once a client is authenticated he's provided a cookie with
+# which he can reconnect. This option sets the maximum lifetime
+# of that cookie.
+cookie-validity = 14400
+#cookie-db = /var/tmp/vpn-cookies.db
+
+run-as-user = nobody
+run-as-group = nogroup
+
+# Network settings
+
+device = vpns
+
+# Script to call when a client connects and obtains an IP
+# Parameters are passed on the environment.
+# USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
+# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
+# in the P-t-P connect), IP_REMOTE (the VPN IP of the client).
+#connect-script = /bin/echo
+#disconnect-script = /bin/echo
+
+# The pool from which the VPN user IPs will be drawn from.
+ipv4-network = 192.168.1.0
+ipv4-netmask = 255.255.255.0
+# Use the keywork local to advertize the local P-t-P address as DNS server
+# ipv4-dns = 192.168.2.1
+ipv4-dns = local
+
+#ipv6-address =
+#ipv6-mask =
+#ipv6-dns =
+
+# Leave empty to assign the default MTU of the device
+# mtu =
+
+route = 192.168.1.0/255.255.255.0
+#route = 192.168.5.0/255.255.255.0
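Review bot: The sample ships `tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"`, and GnuTLS's PERFORMANCE keyword orders ciphersuites by speed rather than by strength; because administrators will copy this file, `tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT"` is the safer default, with a comment above it saying that PERFORMANCE trades cipher strength for throughput. The active `server-cert = ./test-cert.pem` and `server-key = ./test-key.pem` lines are relative to the working directory and, judging by the names, point at test material, so a comment such as `# Test credentials only; replace with your own certificate and a key readable only by the server` belongs above them. The commented `#cookie-db = /var/tmp/vpn-cookies.db` example places the reconnect cookies in a world-writable directory; an example path under a directory owned by the service account would be a better hint. The comment `# A revocation list of ca-cert is set` also leaves it unclear whether the CRL is consulted only when `ca-cert` is set, which is worth stating since both lines are disabled here.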