Several updates to handle URLs requested by the cisco client.
@@ -4,5 +4,5 @@ dist_man_MANS = ocserv.1
|
||||
|
||||
ocserv.1: ../src/ocserv-args.def
|
||||
-sed 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $< > "$<".tmp && \
|
||||
-@AUTOGEN@ -DMAN_SECTION=1 -Tagman-cmd.tpl "$<".tmp && \
|
||||
@AUTOGEN@ -DMAN_SECTION=1 -Tagman-cmd.tpl "$<".tmp && \
|
||||
rm -f "$<".tmp
|
||||
|
||||
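--- a/doc/profile.xml
+++ b/doc/profile.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
+
+<ClientInitialization>
+<UseStartBeforeLogon UserControllable="false">false</UseStartBeforeLogon>
+<StrictCertificateTrust>false</StrictCertificateTrust>
+<RestrictPreferenceCaching>false</RestrictPreferenceCaching>
+<RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols>
+<BypassDownloader>true</BypassDownloader>
+<CertEnrollmentPin>pinAllowed</CertEnrollmentPin>
+<CertificateMatch>
+<KeyUsage>
+<MatchKey>Digital_Signature</MatchKey>
+</KeyUsage>
+<ExtendedKeyUsage>
+<ExtendedMatchKey>ClientAuth</ExtendedMatchKey>
+</ExtendedKeyUsage>
+</CertificateMatch>
+
+<BackupServerList>
+<HostAddress>10.100.2.17</HostAddress>
+</BackupServerList>
+</ClientInitialization>
+
+<ServerList>
+<HostEntry>
+<HostName>VPN Server</HostName>
+<HostAddress>10.100.2.17</HostAddress>
+</HostEntry>
+</ServerList>
+</AnyConnectProfile>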
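Review bot: The sample profile ships `<StrictCertificateTrust>false</StrictCertificateTrust>`, which leaves the client free to continue after the user accepts a server certificate it cannot verify. The sample config in this commit points `user-profile` at this file, so the relaxed setting is likely to be copied into real deployments. I would set it to `<StrictCertificateTrust>true</StrictCertificateTrust>`, or at least put an XML comment above it saying it is relaxed only for testing with self-signed certificates. The two `<HostAddress>10.100.2.17</HostAddress>` entries look like a lab address and would be clearer as a documented placeholder such as `vpn.example.com`.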
@@ -4,6 +4,14 @@
|
||||
#auth = "certificate"
|
||||
auth = "pam"
|
||||
|
||||
# A banner to be displayed on clients
|
||||
#banner = "Welcome"
|
||||
|
||||
# Client config xml. The variable $GROUP will be replaced by
|
||||
# the user's group name. This file must be accessible from inside
|
||||
# the worker's chroot. It is not used by the openconnect client.
|
||||
user-profile = ../doc/profile.xml
|
||||
|
||||
# Use listen-host to limit to specific IPs or to the IPs of a provided hostname.
|
||||
#listen-host = [IP|HOSTNAME]
|
||||
|
||||
@@ -16,8 +24,8 @@ max-clients = 16
|
||||
max-same-clients = 2
|
||||
|
||||
# TCP and UDP port number
|
||||
tcp-port = 3333
|
||||
udp-port = 3333
|
||||
tcp-port = 443
|
||||
udp-port = 443
|
||||
|
||||
# Keepalive in seconds
|
||||
keepalive = 32400
|
||||
|
||||
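Review bot: `user-profile = ../doc/profile.xml` is a relative path, while the comment directly above it says the file must be accessible from inside the worker's chroot. Whether it resolves depends on the working directory and chroot the server is started with, which these hunks do not show. Because the option is enabled rather than commented out, a missing file would presumably surface only when a Cisco client requests the profile. I would ship it as `#user-profile = /path/inside/chroot/profile.xml` (placeholder path) and extend the comment to say the file appears to be served to clients, so it must not contain secrets. The second hunk's change to `tcp-port = 443` and `udp-port = 443` also means the sample now needs privilege to bind, which deserves a one-line comment.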