doc update

doc/ocserv.1

@@ -1,8 +1,8 @@
-.TH ocserv 1 "20 Feb 2013" "0.0.1" "User Commands"
+.TH ocserv 1 "22 Feb 2013" "0.0.1" "User Commands"
 .\"
 .\"  DO NOT EDIT THIS FILE   (ocserv-args.man)
 .\"  
-.\"  It has been AutoGen-ed  February 20, 2013 at 09:27:17 PM by AutoGen 5.16
+.\"  It has been AutoGen-ed  February 22, 2013 at 07:35:41 PM by AutoGen 5.16
 .\"  From the definitions    ../src/ocserv-args.def.tmp
 .\"  and the template file   agman-cmd.tpl
 .\"
@@ -217,15 +217,12 @@ server\-key = /path/to/key.pem
 #  OU (organizational unit) = 2.5.4.11 
 #cert\-group\-oid = 2.5.4.11
 .sp
-# A revocation list of ca\-cert is set
+# The revocation list of the certificates issued by the 'ca\-cert' above.
 #crl = /path/to/crl.pem
 .sp
 # GnuTLS priority string
 tls\-priorities = "PERFORMANCE:%SERVER_PRECEDENCE"
 .sp
-# The default server directory
-#chroot\-dir = /path/to/chroot
-.sp
 # The time (in seconds) that a client is allowed to stay connected prior
 # to authentication
 auth\-timeout = 40
@@ -244,7 +241,7 @@ cookie\-validity = 43200
 # Parameters are passed on the environment.
 # USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client), 
 # DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
-# in the P\-t\-P connect), IP_REMOTE (the VPN IP of the client).
+# in the P\-t\-P connection), IP_REMOTE (the VPN IP of the client).
 #connect\-script = /usr/bin/myscript
 #disconnect\-script = /usr/bin/myscript
 .sp
@@ -254,27 +251,35 @@ use\-utmp = true
 # PID file
 pid\-file = /var/run/ocserv.pid
 .sp
+# The user the worker processes will be run as.
 run\-as\-user = nobody
 run\-as\-group = nogroup
 .sp
+#
 # Network settings
+#
 .sp
+# The name of the tun device
 device = vpns
 .sp
+# The pool of addresses that leases will be given from.
 ipv4\-network = 192.168.1.0
 ipv4\-netmask = 255.255.255.0
 # Use the keywork local to advertize the local P\-t\-P address as DNS server
 # ipv4\-dns = 192.168.2.1
 ipv4\-dns = local
 .sp
+# The same, but for IPv6.
 #ipv6\-address = 
 #ipv6\-mask = 
 #ipv6\-dns = 
 .sp
-# Leave empty to assign the default MTU of the device
+# Unset to assign the default MTU of the device
 # mtu = 
 .sp
-# routes to be sent to client.
+# Routes to be forwarded to the client. If you need the
+# client to forward routes to the server, you may use the connect 
+# and disconnect scripts.
 route = 192.168.1.0/255.255.255.0
 route = 192.168.5.0/255.255.255.0
 .sp

doc/sample.config

@@ -23,7 +23,7 @@ udp-port = 3333
 keepalive = 32400
 
 # Dead peer detection in seconds
-dpd = 240
+dpd = 440
 
 # MTU discovery (DPD must be enabled)
 try-mtu-discovery = false
@@ -32,13 +32,13 @@ try-mtu-discovery = false
 # The key may be a file, or any URL supported by GnuTLS (e.g., 
 # tpmkey:uuid=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx;storage=user
 # or pkcs11:object=my-vpn-key;object-type=private)
-server-cert = /path/to/cert.pem
-server-key = /path/to/key.pem
+server-cert = ../test-cert.pem
+server-key = ../test-key.pem
 
 # In case PKCS #11 or TPM keys are used the PINs should be available
 # in files. The srk-pin-file is applicable to TPM keys only (It's the storage
 # root key).
-pin-file = /path/to/pin.txt
+#pin-file = /path/to/pin.txt
 #srk-pin-file = /path/to/srkpin.txt
 
 # The Certificate Authority that will be used
@@ -75,7 +75,7 @@ auth-timeout = 40
 # Once a client is authenticated he's provided a cookie with
 # which he can reconnect. This option sets the maximum lifetime
 # of that cookie.
-cookie-validity = 43200
+cookie-validity = 172800
 
 # A cookie database. If not set cookies are stored in memory and
 # server restarts won't preserve them.
@@ -116,4 +116,4 @@ ipv4-dns = local
 # mtu = 
 
 route = 192.168.1.0/255.255.255.0
-route = 192.168.5.0/255.255.255.0
+#route = 192.168.5.0/255.255.255.0