2026-02-10 08:46:58 +08:00 · 2013-02-15 23:00:03 +01:00
parent 0ff3f6de3c
commit 4ab7238051
3 changed files with 12 additions and 10 deletions
							
							
								
							
							
						
@@ -2,7 +2,7 @@
 *  
 *  DO NOT EDIT THIS FILE   (ocserv-args.c)
 *  
 *  It has been AutoGen-ed  February 12, 2013 at 07:18:40 PM by AutoGen 5.16
 *  It has been AutoGen-ed  February 15, 2013 at 10:59:52 PM by AutoGen 5.16
 *  From the definitions    ocserv-args.def
 *  and the template file   options
 *
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -89,10 +89,10 @@ tcp-port = 3333
udp-port = 3333
# Keepalive in seconds
keepalive = 3600
keepalive = 32400
# Dead peer detection in seconds
dpd = 60
dpd = 240
# The key and the certificates of the server
# The key may be a file, or any URL supported by GnuTLS (i.e., tpmkey or pkcs11)
							
								
							
							
								
							
							
						
@@ -133,7 +133,7 @@ auth-timeout = 40
# Once a client is authenticated he's provided a cookie with
# which he can reconnect. This option sets the maximum lifetime
# of that cookie.
cookie-validity = 14400
cookie-validity = 43200
# A cookie database. If not set cookies are stored in memory and
# server restarts won't preserve them.
							
								
							
							
								
							
							
						
@@ -258,9 +258,10 @@ doc-section = {
  ds-format = 'texi';
  ds-text   = <<-_EOT_
Note that while this server utilizes privilege separation for password
authentication, this does not occur for TLS and client certificate authentication.
This was done to take advantage of multi-core systems by distributing the
expensive TLS calculations to the workers.
authentication, this does not apply for TLS and client certificate authentication.
This has the advantage of spreading TLS calculations to multiple workers (i.e. cores)
if available, but at the cost of each worker having a copy of the server's 
private key.
_EOT_;
};
							
							
							
								
							
						
@@ -271,8 +272,9 @@ doc-section = {
@subheading Features of the server
@itemize
@item Supports both TCP and UDP VPN tunnels using TLS and Datagram TLS.
@item Support for the server key being stored in TPM, a hardware security module (HSM), or smart card.
@item Authentication using PAM (username-password) or certificates
@item Support for the server key being stored in TPM, hardware security modules (HSM), or even a smart card. They can be specified as files using the tpmkey or pkcs11 URLs.
@item Authentication using PAM or certificates.
@item Each client is isolated from the others on a separate process with a separate tun device. This allows routing using the system facilies, allows having separate settings per user or group (e.g. bandwidth limits).
@item Privilege separation between the main process which performs TUN allocation and authentication, with the worker processes which handles messages from the client.
@item Registers VPN leases to UTMP and WTMP files.
@item Persistent storage of cookies, to allow a seamless server restart.
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -2,7 +2,7 @@
 *  
 *  DO NOT EDIT THIS FILE   (ocserv-args.h)
 *  
 *  It has been AutoGen-ed  February 12, 2013 at 07:18:40 PM by AutoGen 5.16
 *  It has been AutoGen-ed  February 15, 2013 at 10:59:52 PM by AutoGen 5.16
 *  From the definitions    ocserv-args.def
 *  and the template file   options
 *