Banner was made configurable.

src/config.c

@@ -158,6 +158,7 @@ unsigned j;
 	if (pid_file == NULL)
 		READ_STRING("pid-file", pid_file, 0);
 
+	READ_STRING("banner", config->banner, 0);
 	READ_TF("use-utmp", config->use_utmp, 0, 1);
 	READ_TF("try-mtu-discovery", config->try_mtu, 0, 0);
 
@@ -274,6 +275,7 @@ void reload_cfg_file(struct cfg_st* config)
 {
 unsigned i;
 
+	DEL(config->banner);
 	DEL(config->name);
 	DEL(config->cert);
 	DEL(config->key);

src/ocserv-args.c

@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (ocserv-args.c)
  *  
- *  It has been AutoGen-ed  February 24, 2013 at 11:23:54 AM by AutoGen 5.16
+ *  It has been AutoGen-ed  February 27, 2013 at 07:03:11 PM by AutoGen 5.16
  *  From the definitions    ocserv-args.def
  *  and the template file   options
  *

src/ocserv-args.def

@@ -79,6 +79,9 @@ An example configuration file follows.
 #auth = "certificate"
 auth = "pam"
 
+# A banner to be displayed on clients
+#banner = "Welcome"
+
 # Use listen-host to limit to specific IPs or to the IPs of a provided hostname.
 #listen-host = [IP|HOSTNAME]
 

src/ocserv-args.h

@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (ocserv-args.h)
  *  
- *  It has been AutoGen-ed  February 24, 2013 at 11:23:54 AM by AutoGen 5.16
+ *  It has been AutoGen-ed  February 27, 2013 at 07:03:10 PM by AutoGen 5.16
  *  From the definitions    ocserv-args.def
  *  and the template file   options
  *

src/vpn.h

@@ -69,6 +69,7 @@ struct cfg_st {
 	gnutls_certificate_request_t cert_req;
 	char *priorities;
 	char *chroot_dir;	/* where the xml files are served from */
+	char *banner;
 	time_t cookie_validity;	/* in seconds */
 	unsigned auth_timeout; /* timeout of HTTP auth */
 	unsigned keepalive;

src/worker-vpn.c

@@ -642,6 +642,8 @@ unsigned mtu_overhead, tls_mtu = 0;
 	if (req->master_secret_set != 0) {
 		memcpy(ws->master_secret, req->master_secret, TLS_MASTER_SIZE);
 		ws->udp_state = UP_WAIT_FD;
+	} else {
+		oclog(ws, LOG_DEBUG, "disabling UDP (DTLS) connection");
 	}
 
 	if (vinfo.ipv4) {
@@ -694,9 +696,20 @@ unsigned mtu_overhead, tls_mtu = 0;
 	ret = tls_puts(ws->session, "X-CSTP-Smartcard-Removal-Disconnect: true\r\n");
 	SEND_ERR(ret);
 
+	ret = tls_printf(ws->session, "X-CSTP-Rekey-Time: %u\r\n", (unsigned)(2*ws->config->cookie_validity)/3);
+	SEND_ERR(ret);
 	ret = tls_puts(ws->session, "X-CSTP-Rekey-Method: new-tunnel\r\n");
 	SEND_ERR(ret);
 
+	ret = tls_puts(ws->session, "X-CSTP-Session-Timeout: none\r\n"
+		"X-CSTP-Idle-Timeout: none\r\n"
+		"X-CSTP-Disconnected-Timeout: none\r\n"
+		"X-CSTP-Keep: true\r\n"
+		"X-CSTP-TCP-Keepalive: true\r\n"
+		"X-CSTP-Tunnel-All-DNS: false\r\n"
+		);
+	SEND_ERR(ret);
+
 
 	tls_mtu = vinfo.mtu - 8;
 	if (req->cstp_mtu > 0) {
@@ -754,8 +767,10 @@ unsigned mtu_overhead, tls_mtu = 0;
 	else
 		send_tun_mtu(ws, ws->dtls_mtu-1);
 
-	ret = tls_puts(ws->session, "X-CSTP-Banner: Welcome\r\n");
-	SEND_ERR(ret);
+	if (ws->config->banner) {
+		ret = tls_printf(ws->session, "X-CSTP-Banner: %s\r\n", ws->config->banner);
+		SEND_ERR(ret);
+	}
 
 	ret = tls_puts(ws->session, "\r\n");
 	SEND_ERR(ret);