mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-09 08:16:58 +08:00
Typos found by codespell
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
This commit is contained in:
Dimitri Papadopoulos
committed by
Nikos Mavrogiannopoulos
Nikos Mavrogiannopoulos
parent
d8d19837d9
commit
81df79a95b
@@ -2,7 +2,7 @@
|
||||
|
||||
Anyone is welcome to contribute to ocserv. You can either take up
|
||||
tasks from our [planned list](https://gitlab.com/ocserv/ocserv/milestones),
|
||||
or suprise us with enhancement we didn't plan for. In all cases be prepared
|
||||
or surprise us with enhancement we didn't plan for. In all cases be prepared
|
||||
to defend and justify your enhancements, and get through few rounds
|
||||
of changes.
|
||||
|
||||
|
||||
12
NEWS
12
NEWS
@@ -38,7 +38,7 @@
|
||||
a client with an RSA key (#318)
|
||||
- Enable a race free user disconnection via occtl (#59)
|
||||
- Added the config option of a pre-login-banner (#313)
|
||||
- Ocserv siwtched to using multiple ocserv-sm processes to improve scale,
|
||||
- Ocserv switched to using multiple ocserv-sm processes to improve scale,
|
||||
with the number of ocserv-sm process dependent on maximum clients and
|
||||
number of CPUs. Configuration option sec-mod-scale can be used to override
|
||||
the heuristics.
|
||||
@@ -217,7 +217,7 @@
|
||||
* Version 0.11.6 (released 2016-11-14)
|
||||
- ocserv: Improved detection of mobile clients (for android and ios clients)
|
||||
- ocserv: Update the worker's ID on Radius accounting messages.
|
||||
That is, even if we initially advertize the ID of the worker
|
||||
That is, even if we initially advertise the ID of the worker
|
||||
handling the client as NAS-Port, the client may eventually end-up
|
||||
being served by another process with different ID. In that case we make
|
||||
sure that the radius server is notified on the next accounting message.
|
||||
@@ -587,7 +587,7 @@
|
||||
|
||||
* Version 0.8.1 (released 2014-06-28)
|
||||
|
||||
- Fix endianess issue with internal messages.
|
||||
- Fix endianness issue with internal messages.
|
||||
- FreeBSD system fixes, contributed by Brian Chu.
|
||||
- Added openconnect 3.20 compatibility.
|
||||
- Added support for session control (in PAM or any other potential
|
||||
@@ -641,7 +641,7 @@
|
||||
* Version 0.3.6 (released 2014-05-24)
|
||||
|
||||
- Use a variant of memset() that cannot be optimized out while
|
||||
overwritting critical parameters.
|
||||
overwriting critical parameters.
|
||||
|
||||
|
||||
* Version 0.3.5 (released 2014-05-08)
|
||||
@@ -683,7 +683,7 @@
|
||||
|
||||
- Allow a number of retries (3) in plain password authentication.
|
||||
- Added doc/profile.xml to the distribution.
|
||||
- ocserv's '-d' option accepts a numeric argument (0-9) that gradualy
|
||||
- ocserv's '-d' option accepts a numeric argument (0-9) that gradually
|
||||
increases verbosity.
|
||||
- Added the 'mobile-dpd' config option. That allows providing a
|
||||
longer DPD value to mobile clients to prevent waking them up
|
||||
@@ -691,7 +691,7 @@
|
||||
- Added the 'idle-timeout' and 'mobile-idle-timeout' config
|
||||
options. They ensure that an idle session will be disconnected.
|
||||
- Added the 'rekey-method' config option. With this option the
|
||||
advertized rekey method to the client can be overriden.
|
||||
advertised rekey method to the client can be overridden.
|
||||
- occtl will now print the bandwidth limits, routes, iroutes, dns
|
||||
and nbns values per user.
|
||||
- Added configure options to disable checking for certain libraries,
|
||||
|
||||
@@ -191,7 +191,7 @@ roam between networks without significant disruption in the VPN service.
|
||||
|
||||
## When compile with --enable-latency-stats
|
||||
|
||||
The ocserv server gathers statistical data about the latency incurred while processing received DTLS packets. Due to the volume of data being collected, processing is perfomed in batches. Batch size is a tradeoff of memory usage and statistical accuracy. All values are stored in microseconds (10^-6 seconds).
|
||||
The ocserv server gathers statistical data about the latency incurred while processing received DTLS packets. Due to the volume of data being collected, processing is performed in batches. Batch size is a tradeoff of memory usage and statistical accuracy. All values are stored in microseconds (10^-6 seconds).
|
||||
|
||||
* Latency samples are first batched by the ocserv-worker, which gathers LATENCY_SAMPLE_SIZE (1024) of latency data.
|
||||
|
||||
@@ -209,14 +209,14 @@ The ocserv server gathers statistical data about the latency incurred while proc
|
||||
|
||||
## Load Balancer integration
|
||||
|
||||
Ocserv can be deployed behind a layer 3 load balancer to support high availabilty and scale.
|
||||
Ocserv can be deployed behind a layer 3 load balancer to support high availability and scale.
|
||||
|
||||
### Example load balancer configuration using keepalived.
|
||||
This is not intended as an exhaustive guide to configuring keepalived, but rather as a high level overview.
|
||||
|
||||
* One or more hosts (directors) running keepalived, with a virtual IP assigned to them, optionally using VRRP to manage VIP failover (not shown here).
|
||||
|
||||
* Three or more instances of ocserv running on hosts (real-server). Virtual IP assigned to the loopback interface with an ARP filter to prevent them from avertising.
|
||||
* Three or more instances of ocserv running on hosts (real-server). Virtual IP assigned to the loopback interface with an ARP filter to prevent them from advertising.
|
||||
|
||||
* Define a iptables rule to tag incoming traffic to be load balanced:
|
||||
```
|
||||
@@ -253,4 +253,4 @@ virtual_server fwmark 1 {
|
||||
|
||||
* Set ocserv option "server-drain-ms = 10000" (2 times the health check interval) to permit graceful shutdown of ocserv instances. This setting adds a delay between the time when the server stops accepting new connections (which causes the load balancer to view it as unhealthy) and when existing clients are disconnected. This prevents clients from attempting to reconnect to a server that is shutting down or has recently shutdown.
|
||||
|
||||
* Notes on sizing the HA cluster. Best practices for high availability are to maintain a minimum of two spare nodes as this permits for one node to be undergoing maintenance and for an unplanned failure on a second node. Each node should be sized to account for a rapid reconnect of all clients, which will cause a spike of CPU utilization due to TLS key exchange. The rate-limit-ms can be used to flatten the spike at the expense of some clients retrying their connections.
|
||||
* Notes on sizing the HA cluster. Best practices for high availability are to maintain a minimum of two spare nodes as this permits for one node to be undergoing maintenance and for an unplanned failure on a second node. Each node should be sized to account for a rapid reconnect of all clients, which will cause a spike of CPU utilization due to TLS key exchange. The rate-limit-ms can be used to flatten the spike at the expense of some clients retrying their connections.
|
||||
|
||||
@@ -34,7 +34,7 @@
|
||||
# and all configuration will be read from radius. That also includes the
|
||||
# Acct-Interim-Interval, and Session-Timeout values.
|
||||
#
|
||||
# See doc/README-radius.md for the supported radius configuration atributes.
|
||||
# See doc/README-radius.md for the supported radius configuration attributes.
|
||||
#
|
||||
# gssapi[keytab=/etc/key.tab,require-local-user-map=true,tgt-freshness-time=900]
|
||||
# The gssapi option allows one to use authentication methods supported by GSSAPI,
|
||||
|
||||
@@ -280,7 +280,7 @@ static uint32_t hashlittle( const void *key, size_t length, uint32_t *val2 )
|
||||
* rest of the string. Every machine with memory protection I've seen
|
||||
* does it on word boundaries, so is OK with this. But VALGRIND will
|
||||
* still catch it and complain. The masking trick does make the hash
|
||||
* noticably faster for short strings (like English words).
|
||||
* noticeably faster for short strings (like English words).
|
||||
*
|
||||
* Not on my testing with gcc 4.5 on an intel i5 CPU, at least --RR.
|
||||
*/
|
||||
@@ -457,7 +457,7 @@ static uint32_t hashbig( const void *key, size_t length, uint32_t *val2)
|
||||
* rest of the string. Every machine with memory protection I've seen
|
||||
* does it on word boundaries, so is OK with this. But VALGRIND will
|
||||
* still catch it and complain. The masking trick does make the hash
|
||||
* noticably faster for short strings (like English words).
|
||||
* noticeably faster for short strings (like English words).
|
||||
*
|
||||
* Not on my testing with gcc 4.5 on an intel i5 CPU, at least --RR.
|
||||
*/
|
||||
|
||||
@@ -35,7 +35,7 @@
|
||||
* #include <stdio.h>
|
||||
* #include <string.h>
|
||||
*
|
||||
* // Simple demonstration: idential strings will have the same hash, but
|
||||
* // Simple demonstration: identical strings will have the same hash, but
|
||||
* // two different strings will probably not.
|
||||
* int main(int argc, char *argv[])
|
||||
* {
|
||||
@@ -164,7 +164,7 @@ static inline uint32_t hash_string(const char *string)
|
||||
* #include <stdio.h>
|
||||
* #include <string.h>
|
||||
*
|
||||
* // Simple demonstration: idential strings will have the same hash, but
|
||||
* // Simple demonstration: identical strings will have the same hash, but
|
||||
* // two different strings will probably not.
|
||||
* int main(int argc, char *argv[])
|
||||
* {
|
||||
|
||||
@@ -377,7 +377,7 @@ static inline const void *list_tail_(const struct list_head *h, size_t off)
|
||||
/**
|
||||
* list_for_each_off - iterate through a list of memory regions.
|
||||
* @h: the list_head
|
||||
* @i: the pointer to a memory region wich contains list node data.
|
||||
* @i: the pointer to a memory region which contains list node data.
|
||||
* @off: offset(relative to @i) at which list node data resides.
|
||||
*
|
||||
* This is a low-level wrapper to iterate @i over the entire list, used to
|
||||
@@ -385,12 +385,12 @@ static inline const void *list_tail_(const struct list_head *h, size_t off)
|
||||
* so you can break and continue as normal.
|
||||
*
|
||||
* WARNING! Being the low-level macro that it is, this wrapper doesn't know
|
||||
* nor care about the type of @i. The only assumtion made is that @i points
|
||||
* nor care about the type of @i. The only assumption made is that @i points
|
||||
* to a chunk of memory that at some @offset, relative to @i, contains a
|
||||
* properly filled `struct node_list' which in turn contains pointers to
|
||||
* memory chunks and it's turtles all the way down. Whith all that in mind
|
||||
* memory chunks and it's turtles all the way down. With all that in mind
|
||||
* remember that given the wrong pointer/offset couple this macro will
|
||||
* happilly churn all you memory untill SEGFAULT stops it, in other words
|
||||
* happilly churn all you memory until SEGFAULT stops it, in other words
|
||||
* caveat emptor.
|
||||
*
|
||||
* It is worth mentioning that one of legitimate use-cases for that wrapper
|
||||
@@ -413,7 +413,7 @@ static inline const void *list_tail_(const struct list_head *h, size_t off)
|
||||
* list_for_each_safe_off - iterate through a list of memory regions, maybe
|
||||
* during deletion
|
||||
* @h: the list_head
|
||||
* @i: the pointer to a memory region wich contains list node data.
|
||||
* @i: the pointer to a memory region which contains list node data.
|
||||
* @nxt: the structure containing the list_node
|
||||
* @off: offset(relative to @i) at which list node data resides.
|
||||
*
|
||||
|
||||
@@ -621,7 +621,7 @@ static inline int talloc_unreference(const void *context, const void *ptr)
|
||||
|
||||
/*
|
||||
remove a specific parent context from a pointer. This is a more
|
||||
controlled varient of talloc_free()
|
||||
controlled variant of talloc_free()
|
||||
*/
|
||||
int talloc_unlink(const void *context, void *ptr)
|
||||
{
|
||||
|
||||
@@ -950,7 +950,7 @@ void *talloc_autofree_context(void);
|
||||
* talloc_get_size - get the requested size of an allocation
|
||||
* @ctx: the talloc pointer whose allocation to measure.
|
||||
*
|
||||
* This function lets you know the amount of memory alloced so far by this
|
||||
* This function lets you know the amount of memory allocated so far by this
|
||||
* context. It does NOT account for subcontext memory.
|
||||
*
|
||||
* See Also:
|
||||
|
||||
@@ -1839,7 +1839,7 @@ reexecute:
|
||||
/* Here we call the headers_complete callback. This is somewhat
|
||||
* different than other callbacks because if the user returns 1, we
|
||||
* will interpret that as saying that this message has no body. This
|
||||
* is needed for the annoying case of recieving a response to a HEAD
|
||||
* is needed for the annoying case of receiving a response to a HEAD
|
||||
* request.
|
||||
*
|
||||
* We'd like to use CALLBACK_NOTIFY_NOADVANCE() here but we cannot, so
|
||||
@@ -1950,7 +1950,7 @@ reexecute:
|
||||
&& parser->content_length != ULLONG_MAX);
|
||||
|
||||
/* The difference between advancing content_length and p is because
|
||||
* the latter will automaticaly advance on the next loop iteration.
|
||||
* the latter will automatically advance on the next loop iteration.
|
||||
* Further, if content_length ends up at 0, we want to see the last
|
||||
* byte again for our message complete callback.
|
||||
*/
|
||||
@@ -2444,7 +2444,7 @@ http_parser_parse_url(const char *buf, size_t buflen, int is_connect,
|
||||
case s_dead:
|
||||
return 1;
|
||||
|
||||
/* Skip delimeters */
|
||||
/* Skip delimiters */
|
||||
case s_req_schema_slash:
|
||||
case s_req_schema_slash_slash:
|
||||
case s_req_server_start:
|
||||
|
||||
@@ -54,7 +54,7 @@ typedef unsigned __int64 uint64_t;
|
||||
# define HTTP_PARSER_STRICT 1
|
||||
#endif
|
||||
|
||||
/* Maximium header size allowed. If the macro is not defined
|
||||
/* Maximum header size allowed. If the macro is not defined
|
||||
* before including this header then the default is used. To
|
||||
* change the maximum header size, define the macro in the build
|
||||
* environment (e.g. -DHTTP_MAX_HEADER_SIZE=<value>). To remove
|
||||
@@ -79,7 +79,7 @@ typedef struct http_parser_settings http_parser_settings;
|
||||
* chunked' headers that indicate the presence of a body.
|
||||
*
|
||||
* Returning `2` from on_headers_complete will tell parser that it should not
|
||||
* expect neither a body nor any futher responses on this connection. This is
|
||||
* expect neither a body nor any further responses on this connection. This is
|
||||
* useful for handling responses to a CONNECT request which may not contain
|
||||
* `Upgrade` or `Connection: upgrade` headers.
|
||||
*
|
||||
|
||||
@@ -396,7 +396,7 @@ const char* script, *next_script = NULL;
|
||||
return ERR_WAIT_FOR_SCRIPT;
|
||||
} else {
|
||||
/* we don't add a specific handler for SCRIPT_CONNECT and SCRIPT_HOST_UPDATE
|
||||
* childs. We rely on libev's child reaping of unwatched children.
|
||||
* children. We rely on libev's child reaping of unwatched children.
|
||||
*/
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
|
||||
/**
|
||||
* hex_decode - Unpack a hex string.
|
||||
* @str: the hexidecimal string
|
||||
* @str: the hexadecimal string
|
||||
* @slen: the length of @str
|
||||
* @buf: the buffer to write the data into
|
||||
* @bufsize: the length of @buf
|
||||
|
||||
@@ -83,7 +83,7 @@ char *geo_lookup(const char *ip, char *buf, unsigned buf_size)
|
||||
MMDB_lookup_result_s result =
|
||||
pMMDB_lookup_string(&mmdb, ip, &gai_error, &mmdb_error);
|
||||
if (MMDB_SUCCESS == mmdb_error) {
|
||||
/* If the lookup was successfull and an entry was found */
|
||||
/* If the lookup was successful and an entry was found */
|
||||
if (result.found_entry) {
|
||||
memset(&entry_data, 0,
|
||||
sizeof(MMDB_entry_data_s));
|
||||
@@ -117,7 +117,7 @@ char *geo_lookup(const char *ip, char *buf, unsigned buf_size)
|
||||
MMDB_lookup_result_s result =
|
||||
pMMDB_lookup_string(&mmdb, ip, &gai_error, &mmdb_error);
|
||||
if (MMDB_SUCCESS == mmdb_error) {
|
||||
/* If the lookup was successfull and an entry was found */
|
||||
/* If the lookup was successful and an entry was found */
|
||||
if (result.found_entry) {
|
||||
memset(&entry_data, 0,
|
||||
sizeof(MMDB_entry_data_s));
|
||||
|
||||
@@ -276,7 +276,7 @@ static int handle_exit_cmd(CONN_TYPE * conn, const char *arg, cmd_params_st *par
|
||||
exit(0);
|
||||
}
|
||||
|
||||
/* checks whether an input command of type " list users" maches
|
||||
/* checks whether an input command of type " list users" matches
|
||||
* the given cmd (e.g., "list users"). If yes it executes func() and returns true.
|
||||
*/
|
||||
static
|
||||
|
||||
@@ -54,7 +54,7 @@
|
||||
#define CO_USE_SIGCONTEXT
|
||||
|
||||
/*
|
||||
* Use this in conjuction with CO_USE_SIGCONTEXT to use the sigaltstack
|
||||
* Use this in conjunction with CO_USE_SIGCONTEXT to use the sigaltstack
|
||||
* environment (suggested when CO_USE_SIGCONTEXT is defined).
|
||||
*/
|
||||
#if defined(HAVE_SIGALTSTACK)
|
||||
|
||||
@@ -97,7 +97,7 @@ cothread_ctx *co_get_thread_ctx(void)
|
||||
|
||||
#else
|
||||
/*
|
||||
* On Unix, we use pthread. Sligthly more complicated ...
|
||||
* On Unix, we use pthread. Slightly more complicated ...
|
||||
*/
|
||||
#include <pthread.h>
|
||||
|
||||
|
||||
@@ -209,7 +209,7 @@ void expire_client_entry(sec_mod_st *sec, client_entry_st * e)
|
||||
del_client_entry(sec, e);
|
||||
} else {
|
||||
now = time(0);
|
||||
/* We intentionally don't close the session immediatelly on
|
||||
/* We intentionally don't close the session immediately on
|
||||
* REASON_USER_DISCONNECT, as some anyconect clients
|
||||
* explicitly disconnect with the intention to reconnect
|
||||
* seconds later. */
|
||||
|
||||
@@ -1056,7 +1056,7 @@ void sec_mod_server(void *main_pool, void *config_pool, struct list_head *vconfi
|
||||
}
|
||||
|
||||
/* we use two fds for communication with main. The synchronous is for
|
||||
* ping-pong communication which each request is answered immediated. The
|
||||
* ping-pong communication where each request is answered immediately. The
|
||||
* async is for messages sent back and forth in no particular order */
|
||||
if (FD_ISSET(cmd_fd_sync, &rd_set)) {
|
||||
ret = serve_request_main(sec, cmd_fd_sync, buffer, buffer_size);
|
||||
|
||||
@@ -44,8 +44,8 @@ typedef struct sec_mod_st {
|
||||
|
||||
tls_sess_db_st tls_db;
|
||||
uint64_t auth_failures; /* auth failures since the last update (SECM_CLI_STATS) we sent to main */
|
||||
uint32_t max_auth_time; /* the maximum time spent in (sucessful) authentication */
|
||||
uint32_t avg_auth_time; /* the average time spent in (sucessful) authentication */
|
||||
uint32_t max_auth_time; /* the maximum time spent in (successful) authentication */
|
||||
uint32_t avg_auth_time; /* the average time spent in (successful) authentication */
|
||||
uint32_t total_authentications; /* successful authentications: to calculate the average above */
|
||||
time_t last_stats_reset;
|
||||
const uint8_t hmac_key[HMAC_DIGEST_SIZE];
|
||||
|
||||
@@ -27,7 +27,7 @@
|
||||
# if defined(__linux__)
|
||||
# include <sys/prctl.h>
|
||||
|
||||
/* This sets the proccess title as shown in top, but not in ps (*@#%@).
|
||||
/* This sets the process title as shown in top, but not in ps (*@#%@).
|
||||
* To change the ps name in Linux, one needs to do master black magic
|
||||
* trickery (see util-linux setproctitle).
|
||||
*/
|
||||
|
||||
@@ -874,7 +874,7 @@ int get_cert_info(worker_st * ws)
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* this is superflous. Verification has already been performed
|
||||
/* this is superfluous. Verification has already been performed
|
||||
* during handshake. */
|
||||
cert = gnutls_certificate_get_peers(ws->session, &ncerts);
|
||||
|
||||
|
||||
@@ -151,7 +151,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = @VPNNET@
|
||||
#ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
#ipv4-dns = 192.168.1.1
|
||||
#ipv4-dns = 192.168.5.1
|
||||
|
||||
|
||||
@@ -140,7 +140,7 @@ ipv4-network = @VPNNET@
|
||||
|
||||
ipv6-network = @VPNNET6@
|
||||
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ device = vpns
|
||||
default-domain = example.com
|
||||
|
||||
ipv4-network = @VPNNET@
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ device = vpns
|
||||
default-domain = example.com
|
||||
|
||||
ipv4-network = @VPNNET@
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -151,7 +151,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -151,7 +151,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -210,7 +210,7 @@ default-domain = example.com
|
||||
ipv4-network = @VPNNET@
|
||||
ipv6-network = @VPNNET6@
|
||||
|
||||
# The advertized DNS server. Use multiple lines for
|
||||
# The advertised DNS server. Use multiple lines for
|
||||
# multiple servers.
|
||||
# dns = fc00::4be0
|
||||
#dns = 192.168.1.2
|
||||
|
||||
@@ -147,7 +147,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.5.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.5.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -153,7 +153,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -153,7 +153,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -139,7 +139,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -1153,7 +1153,7 @@ authorize {
|
||||
#logintime
|
||||
|
||||
#
|
||||
# Multifactor authentification used if User-Name format test[0123456789]*-otp
|
||||
# Multifactor authentication used if User-Name format test[0123456789]*-otp
|
||||
# and attribute &control:Tmp-Integer-0 (number of challenges) have a non zero value
|
||||
if (User-Name =~ /^test[0123456789]*-otp$/m && (!&State || &control:Tmp-Integer-0 > "%{expr: %{string:State}}") && &control:Tmp-Integer-0 > 0) {
|
||||
update control {
|
||||
@@ -1218,7 +1218,7 @@ authenticate {
|
||||
# in the 'authorize' section supplies a password and Auth-Type=OTP. The
|
||||
# password can be clear-text, or encrypted. Initial State value is 1.
|
||||
# Number of challenges is a value of &control:Tmp-Octets-0. Default is 0 -
|
||||
# module skiped.
|
||||
# module skipped.
|
||||
Auth-Type OTP {
|
||||
pap {
|
||||
ok = 1
|
||||
|
||||
@@ -215,7 +215,7 @@ default-domain = example.com
|
||||
ipv4-network = @VPNNET@
|
||||
ipv6-network = @VPNNET6@
|
||||
|
||||
# The advertized DNS server. Use multiple lines for
|
||||
# The advertised DNS server. Use multiple lines for
|
||||
# multiple servers.
|
||||
# dns = fc00::4be0
|
||||
#dns = 192.168.1.2
|
||||
|
||||
@@ -232,7 +232,7 @@ default-domain = example.com
|
||||
ipv4-network = @VPNNET@
|
||||
ipv6-network = @VPNNET6@
|
||||
|
||||
# The advertized DNS server. Use multiple lines for
|
||||
# The advertised DNS server. Use multiple lines for
|
||||
# multiple servers.
|
||||
# dns = fc00::4be0
|
||||
#dns = 192.168.1.2
|
||||
|
||||
@@ -211,7 +211,7 @@ default-domain = example.com
|
||||
ipv4-network = @VPNNET@
|
||||
ipv6-network = @VPNNET6@
|
||||
|
||||
# The advertized DNS server. Use multiple lines for
|
||||
# The advertised DNS server. Use multiple lines for
|
||||
# multiple servers.
|
||||
# dns = fc00::4be0
|
||||
#dns = 192.168.1.2
|
||||
|
||||
@@ -26,7 +26,7 @@ login_timeout 60
|
||||
# service. if this fails also a compiled in default is used.
|
||||
authserver localhost
|
||||
|
||||
# RADIUS server to use for accouting requests. All that I
|
||||
# RADIUS server to use for accounting requests. All that I
|
||||
# said for authserver applies, too.
|
||||
#
|
||||
acctserver localhost
|
||||
@@ -48,7 +48,7 @@ seqfile ./radius.seq.tmp
|
||||
|
||||
# default authentication realm to append to all usernames if no
|
||||
# realm was explicitly specified by the user
|
||||
# the radiusd directly form Livingston doesnt use any realms, so leave
|
||||
# the radiusd directly form Livingston doesn't use any realms, so leave
|
||||
# it blank then
|
||||
default_realm
|
||||
|
||||
|
||||
@@ -144,7 +144,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ device = vpns
|
||||
default-domain = example.com
|
||||
|
||||
ipv4-network = @VPNNET@
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -153,7 +153,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ device = vpns
|
||||
default-domain = example.com
|
||||
|
||||
ipv4-network = @VPNNET@
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ device = vpns
|
||||
default-domain = example.com
|
||||
|
||||
ipv4-network = @VPNNET@
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -150,7 +150,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -150,7 +150,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -149,7 +149,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -149,7 +149,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -149,7 +149,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -150,7 +150,7 @@ ipv4-netmask = 255.255.255.0
|
||||
|
||||
ipv6-network = fda9:4efe:7e3b:03ea::/64
|
||||
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -154,7 +154,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -153,7 +153,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -156,7 +156,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -152,7 +152,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -152,7 +152,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -151,7 +151,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -151,7 +151,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -150,7 +150,7 @@ device = vpns
|
||||
default-domain = example.com
|
||||
|
||||
ipv4-network = @VPNNET@
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ device = vpns
|
||||
default-domain = example.com
|
||||
|
||||
ipv4-network = @VPNNET@
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
@@ -185,4 +185,4 @@ ping-leases = false
|
||||
# should be set for them.
|
||||
#always-require-cert = false
|
||||
|
||||
sec-mod-scale = 2
|
||||
sec-mod-scale = 2
|
||||
|
||||
@@ -159,7 +159,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -160,7 +160,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -159,7 +159,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -144,7 +144,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -152,7 +152,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
ipv4-dns = 192.168.5.1
|
||||
|
||||
|
||||
@@ -147,7 +147,7 @@ device = vpns
|
||||
default-domain = example.com
|
||||
|
||||
ipv4-network = @VPNNET@
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -149,7 +149,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
# User authentication method. Could be set multiple times and in that case
|
||||
# User authentication method. Could be set multiple times and in that case
|
||||
# all should succeed.
|
||||
# Options: certificate, pam.
|
||||
auth = "certificate"
|
||||
@@ -147,7 +148,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -141,7 +141,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = @VPNNET@
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
#ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -149,7 +149,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ device = vpns
|
||||
default-domain = example.com
|
||||
|
||||
ipv4-network = @VPNNET@
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -145,7 +145,7 @@ device = vpns
|
||||
default-domain = example.com
|
||||
|
||||
ipv4-network = @VPNNET@
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.5.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.5.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -154,7 +154,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -154,7 +154,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -149,7 +149,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -139,7 +139,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
ipv4-dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -147,7 +147,7 @@ default-domain = example.com
|
||||
|
||||
ipv4-network = 192.168.1.0
|
||||
ipv4-netmask = 255.255.255.0
|
||||
# Use the keywork local to advertize the local P-t-P address as DNS server
|
||||
# Use the keyword local to advertise the local P-t-P address as DNS server
|
||||
dns = 192.168.1.1
|
||||
|
||||
# The NBNS server (if any)
|
||||
|
||||
@@ -59,7 +59,7 @@
|
||||
# 2) There are two different functions to set routes: generic routes and the
|
||||
# default route. Why isn't the defaultroute handled via the generic route case?
|
||||
# 3) In the split tunnel case, all routes but the default route might get replaced
|
||||
# without getting restored later. We should explicitely check and save them just
|
||||
# without getting restored later. We should explicitly check and save them just
|
||||
# like the defaultroute
|
||||
# 4) Replies to a dhcp-server should never be sent into the tunnel
|
||||
|
||||
@@ -271,7 +271,7 @@ if [ -n "$IPROUTE" ]; then
|
||||
else # use route command
|
||||
get_default_gw() {
|
||||
# isn't -n supposed to give --numeric output?
|
||||
# apperently not...
|
||||
# apparently not...
|
||||
# Get rid of lines containing IPv6 addresses (':')
|
||||
netstat -r -n | awk '/:/ { next; } /^(default|0\.0\.0\.0)/ { print $2; }'
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user