2026-02-09 08:16:58 +08:00 · 2026-01-20 10:42:15 -05:00
parent 1c156d8325
commit b080d7dd2b
81 changed files with 37 additions and 311 deletions
							
							
							
						
@@ -1,6 +1,10 @@
* Version 1.4.1 (unreleased)
- occtl: Fix column misalignment in ban command outputs
- Handle dotted client hostnames (e.g., .local) by stripping the domain suffix
- Renamed `min-reauth-time` configuration option to `ban-time` to better reflect
  its purpose (#676). This option defines the duration (in seconds) for which
  an IP address is banned after exceeding the maximum allowed `max-ban-score`.
  Default is 300 seconds (5 minutes).
* Version 1.4.0 (released 2026-01-04)
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -340,13 +340,9 @@ auth-timeout = 240
# traffic) before being disconnected. Unset to disable.
#mobile-idle-timeout = 2400
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
min-reauth-time = 300
# Banning clients in ocserv works with a point system. IP addresses
# that get a score over that configured number are banned for
# min-reauth-time seconds. By default a wrong password attempt is 10 points,
# ban-time seconds. By default a wrong password attempt is 10 points,
# a KKDCP POST is 1 point, and a connection is 1 point. Note that
# due to different processes being involved the count of points
# will not be real-time precise. Local subnet IPs are exempt to allow
							
							
							
								
							
						
@@ -355,6 +351,10 @@ min-reauth-time = 300
# Set to zero to disable.
max-ban-score = 80
# The duration (in seconds) an IP address remains banned
# after exceeding max-ban-score.
ban-time = 300
# The time (in seconds) that all score kept for a client is reset.
ban-reset-time = 1200
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -651,6 +651,7 @@ static void apply_default_conf(vhost_cfg_st *vhost, unsigned int reload)
	vhost->perm_config.config->cookie_timeout =
		DEFAULT_COOKIE_RECON_TIMEOUT;
	vhost->perm_config.config->auth_timeout = DEFAULT_AUTH_TIMEOUT_SECS;
	vhost->perm_config.config->ban_time = DEFAULT_BAN_TIME;
	vhost->perm_config.config->ban_reset_time = DEFAULT_BAN_RESET_TIME;
	vhost->perm_config.config->max_ban_score = DEFAULT_MAX_BAN_SCORE;
	vhost->perm_config.config->ban_points_wrong_password =
							
								
							
							
								
							
							
						
@@ -1204,9 +1205,12 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
		if (!WARN_ON_VHOST(vhost->name, "max-clients", max_clients))
			READ_NUMERIC(config->max_clients);
	} else if (strcmp(name, "min-reauth-time") == 0) {
		if (!WARN_ON_VHOST(vhost->name, "min-reauth-time",
				   min_reauth_time))
			READ_NUMERIC(config->min_reauth_time);
		READ_NUMERIC(config->ban_time);
		fprintf(stderr, NOTESTR
			"'min-reauth-time' was replaced by 'ban-time'\n");
	} else if (strcmp(name, "ban-time") == 0) {
		if (!WARN_ON_VHOST(vhost->name, "ban-time", ban_time))
			READ_NUMERIC(config->ban_time);
	} else if (strcmp(name, "ban-reset-time") == 0) {
		if (!WARN_ON_VHOST(vhost->name, "ban-reset-time",
				   ban_reset_time))
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -130,7 +130,7 @@ static int add_ip_to_ban_list(main_server_st *s, const unsigned char *ip,
	struct ban_entry_st *e;
	ban_entry_st t;
	time_t now = time(NULL);
	time_t expiration = now + GETCONFIG(s)->min_reauth_time;
	time_t expiration = now + GETCONFIG(s)->ban_time;
	int ret = 0;
	char str_ip[MAX_IP_STR];
	const char *p_str_ip = NULL;
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -90,6 +90,7 @@ inline static const char *proto_to_str(fw_proto_t proto)
#define DEFAULT_CONNECT_POINTS 1
#define DEFAULT_KKDCP_POINTS 1
#define DEFAULT_MAX_BAN_SCORE (MAX_PASSWORD_TRIES * DEFAULT_PASSWORD_POINTS)
#define DEFAULT_BAN_TIME 300
#define DEFAULT_BAN_RESET_TIME 300
#define MIN_NO_COMPRESS_LIMIT 64
							
								
							
							
								
							
							
						
@@ -267,7 +268,7 @@ struct cfg_st {
	time_t rekey_time; /* in seconds */
	unsigned int rekey_method; /* REKEY_METHOD_ */
	time_t min_reauth_time; /* after a failed auth, how soon one can reauthenticate -> in seconds */
	time_t ban_time; /* duration IP remains banned after hitting max_ban_score -> in seconds */
	unsigned int
		max_ban_score; /* the score allowed before a user is banned (see vpn.h) */
	int ban_reset_time;
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -77,7 +77,7 @@ int main(void)
	list_add(s->vconfig, &vhost->list);
	vhost->perm_config.config->max_ban_score = 20;
	vhost->perm_config.config->min_reauth_time = 30;
	vhost->perm_config.config->ban_time = 30;
	main_ban_db_init(s);
							
								
							
							
								
							
							
						
@@ -147,7 +147,7 @@ int main(void)
	}
	/* check expiration of entries */
	sleep(GETCONFIG(s)->min_reauth_time + 1);
	sleep(GETCONFIG(s)->ban_time + 1);
	if (check_if_banned_str(s, "192.168.1.1") != 0) {
		fprintf(stderr, "error in %d\n", __LINE__);
							
							
							
								
							
						
@@ -171,7 +171,7 @@ int main(void)
	}
	/* check cleanup */
	sleep(GETCONFIG(s)->min_reauth_time + 1);
	sleep(GETCONFIG(s)->ban_time + 1);
	cleanup_banned_entries(s);
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -105,10 +105,6 @@ auth-timeout = 40
# before being disconnected. Unset to disable.
#idle-timeout = 5
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -104,10 +104,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -104,10 +104,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -100,10 +100,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -103,10 +103,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -105,10 +105,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -105,10 +105,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -105,10 +105,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -7,6 +7,7 @@ auth = "plain[@SRCDIR@/data/test1.passwd]"
isolate-workers = @ISOLATE_WORKERS@
#ban-time = 300
max-ban-score = 50
ban-reset-time = 10
ban-points-wrong-password = 10
							
								
							
							
								
							
							
						
@@ -107,10 +108,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -104,10 +104,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Cookie timeout (in seconds)
# Once a client is authenticated he's provided a cookie with
# which he can reconnect. That cookie will be invalided if not
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -103,10 +103,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -135,10 +135,6 @@ auth-timeout = 40
# traffic) before being disconnected. Unset to disable.
#mobile-idle-timeout = 2400
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# ReKey time (in seconds)
# ocserv will ask the client to refresh keys periodically once
# this amount of seconds is elapsed. Set to zero to disable.
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -113,10 +113,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -113,10 +113,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -105,10 +105,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -140,10 +140,6 @@ auth-timeout = 40
# traffic) before being disconnected. Unset to disable.
#mobile-idle-timeout = 2400
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# ReKey time (in seconds)
# ocserv will ask the client to refresh keys periodically once
# this amount of seconds is elapsed. Set to zero to disable.
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -141,10 +141,6 @@ auth-timeout = 40
# traffic) before being disconnected. Unset to disable.
#mobile-idle-timeout = 2400
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# ReKey time (in seconds)
# ocserv will ask the client to refresh keys periodically once
# this amount of seconds is elapsed. Set to zero to disable.
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -136,13 +136,9 @@ auth-timeout = 40
# traffic) before being disconnected. Unset to disable.
#mobile-idle-timeout = 2400
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Banning clients in ocserv works with a point system. IP addresses
# that get a score over that configured number are banned for
# min-reauth-time seconds. By default a wrong password attempt is 10 points,
# ban-time seconds. By default a wrong password attempt is 10 points,
# a KKDCP POST is 1 point, and a connection is 1 point. Note that
# due to difference processes being involved the count of points
# will not be real-time precise.
							
							
							
								
							
						
@@ -153,6 +149,10 @@ auth-timeout = 40
# Set to zero to disable.
max-ban-score = 40
# The duration (in seconds) an IP address remains banned
# after exceeding max-ban-score.
#ban-time = 300
# The time (in seconds) that all score kept for a client is reset.
ban-reset-time = 300
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -136,10 +136,6 @@ auth-timeout = 40
# traffic) before being disconnected. Unset to disable.
#mobile-idle-timeout = 2400
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# ReKey time (in seconds)
# ocserv will ask the client to refresh keys periodically once
# this amount of seconds is elapsed. Set to zero to disable.
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -104,10 +104,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Cookie timeout (in seconds)
# Once a client is authenticated he's provided a cookie with
# which he can reconnect. That cookie will be invalided if not
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,9 +101,9 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
min-reauth-time = 20
# The duration (in seconds) an IP address remains banned
# after exceeding max-ban-score.
ban-time = 20
max-ban-score = 50
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Cookie timeout (in seconds)
# Once a client is authenticated he's provided a cookie with
# which he can reconnect. That cookie will be invalided if not
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Cookie timeout (in seconds)
# Once a client is authenticated he's provided a cookie with
# which he can reconnect. That cookie will be invalided if not
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -105,10 +105,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -113,10 +113,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -105,10 +105,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -105,10 +105,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Cookie timeout (in seconds)
# Once a client is authenticated he's provided a cookie with
# which he can reconnect. That cookie will be invalided if not
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Cookie timeout (in seconds)
# Once a client is authenticated he's provided a cookie with
# which he can reconnect. That cookie will be invalided if not
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -103,10 +103,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -103,10 +103,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -103,10 +103,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -108,10 +108,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -113,10 +113,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -110,10 +110,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -104,10 +104,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -104,10 +104,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -103,10 +103,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -105,10 +105,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -105,10 +105,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -105,10 +105,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -103,9 +103,9 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
min-reauth-time = 20
# The duration (in seconds) an IP address remains banned
# after exceeding max-ban-score.
ban-time = 20
max-ban-score = 50
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -99,9 +99,9 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
min-reauth-time = 20
# The duration (in seconds) an IP address remains banned
# after exceeding max-ban-score.
ban-time = 20
max-ban-score = 9999999
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -112,10 +112,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -111,10 +111,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -105,10 +105,6 @@ auth-timeout = 40
# before being disconnected. Unset to disable.
#idle-timeout = 5
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -105,10 +105,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -103,10 +103,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -102,10 +102,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -105,10 +105,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -106,10 +106,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -108,10 +108,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -108,10 +108,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -103,10 +103,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -105,10 +105,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -101,10 +101,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -103,10 +103,6 @@ tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),