small updates. Added sample configuration.

src/main.c

@@ -67,31 +67,6 @@ static void tls_log_func(int level, const char *str)
 	syslog(LOG_DEBUG, "Debug[<%d>]: %s", level, str);
 }
 
-
-static struct cfg_st config = {
-	.auth_types = AUTH_TYPE_USERNAME_PASS,
-	.name = NULL,
-	.port = 3333,
-	.cert = "./test.pem",
-	.key = "./test.pem",
-	.cert_req = GNUTLS_CERT_IGNORE,
-	.cert_user_oid =
-	    GNUTLS_OID_LDAP_UID /* or just GNUTLS_OID_X520_COMMON_NAME */ ,
-#warning fix chroot
-	.chroot_dir = "root/",
-	.cookie_validity = 3600,
-	.db_file = "/tmp/db",
-	.uid = 65534,
-	.gid = 65534,
-	.ca = NULL,
-	.network = {
-		      .name = "vpns",
-		      .ipv4_netmask = "255.255.255.0",
-		      .ipv4 = "192.168.55.1",
-		      .ipv4_dns = "192.168.55.1",
-		      }
-};
-
 /* Returns 0 on success or negative value on error.
  */
 static int
@@ -392,15 +367,23 @@ int main(int argc, char** argv)
 	    gnutls_certificate_set_x509_key_file(creds.xcred, config.cert,
 						 config.key,
 						 GNUTLS_X509_FMT_PEM);
-	GNUTLS_FATAL_ERR(ret);
-
+	if (ret < 0) {
+		fprintf(stderr, "Error setting the certificate (%s) or key (%s) files.\n",
+			config.cert, config.key);
+		exit(1);
+	}
 
 	if (config.ca != NULL) {
 		ret =
 		    gnutls_certificate_set_x509_trust_file(creds.xcred,
 							   config.ca,
 							   GNUTLS_X509_FMT_PEM);
-		GNUTLS_FATAL_ERR(ret);
+		if (ret < 0) {
+			fprintf(stderr, "Error setting the CA (%s) file.\n",
+				config.ca);
+			exit(1);
+		}
+
 		printf("Processed %d CA certificate(s).\n", ret);
 	}
 
@@ -485,6 +468,7 @@ int main(int argc, char** argv)
 					exit(1);
 				}
 
+#warning chroot here?
 				pid = fork();
 				if (pid == 0) {	/* child */
 

src/ocserv-args.c

@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (ocserv-args.c)
  *  
- *  It has been AutoGen-ed  January 30, 2013 at 05:20:00 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  January 30, 2013 at 05:50:16 PM by AutoGen 5.16
  *  From the definitions    ocserv-args.def
  *  and the template file   options
  *
@@ -65,7 +65,7 @@ extern FILE * option_usage_fp;
 /*
  *  ocserv option static const strings
  */
-static char const ocserv_opt_strs[1208] =
+static char const ocserv_opt_strs[1220] =
 /*     0 */ "ocserv\n"
             "Copyright (C) 2013 Nikos Mavrogiannopoulos, all rights reserved.\n"
             "This is free software. It is licensed for use, modification and\n"
@@ -97,7 +97,7 @@ static char const ocserv_opt_strs[1208] =
 /*  1116 */ "\n\n\0"
 /*  1119 */ "\n"
             "OpenConnect VPN server.\n\0"
-/*  1145 */ "Usage: ocserv [options]\n"
+/*  1145 */ "Usage: ocserv [options] -c [config]\n"
             "ocserv --help for usage instructions.\n";
 
 /*

src/ocserv-args.def

@@ -8,7 +8,7 @@ gnu-usage;
 config-header = config.h;
 long-opts;
 no-misuse-usage;
-short-usage   = "Usage: ocserv [options]\nocserv --help for usage instructions.\n";
+short-usage   = "Usage: ocserv [options] -c [config]\nocserv --help for usage instructions.\n";
 explain       = "";
 detail        = "OpenConnect VPN server.";
 
@@ -48,9 +48,10 @@ An example configuration file follows.
 
 @example
 
-# User authentication method
-# Options certificate, pam.
-#auth = "pam,certificate"
+# User authentication method. Could be set multiple times and in that case
+# all should succeed.
+# Options: certificate, pam. 
+#auth = "certificate"
 auth = "pam"
 
 # Use listen-host to limit to specific IPs or to the IPs of a provided hostname.

src/ocserv-args.h

@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (ocserv-args.h)
  *  
- *  It has been AutoGen-ed  January 30, 2013 at 05:20:00 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  January 30, 2013 at 05:50:16 PM by AutoGen 5.16
  *  From the definitions    ocserv-args.def
  *  and the template file   options
  *

src/sample.config

@@ -0,0 +1,68 @@
+# User authentication method. Could be set multiple times and in that case
+# all should succeed.
+# Options: certificate, pam. 
+auth = "pam"
+
+# Use listen-host to limit to specific IPs or to the IPs of a provided hostname.
+# listen-host = [IP|HOSTNAME]
+
+# TCP port number
+tcp-port = 3333
+
+# UDP port number
+udp-port = 3334
+
+# The key and the certificates of the server
+server-cert = /home/nmav/cvs/ocserv/test.pem
+server-key = /home/nmav/cvs/ocserv/test.pem
+
+# The Certificate Authority that will be used
+# to verify clients if certificate authentication
+# is set.
+#ca-cert = /path/to/ca.pem
+
+# The object identifier that will be used to read the user ID in the client certificate.
+# The object identifier should be part of the certificate's DN
+#cert-user-oid = 0.9.2342.19200300.100.1.1
+
+# A revocation list of ca-cert is set
+#crl = /path/to/crl.pem
+
+# GnuTLS priority string
+tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE"
+
+# The default server directory
+#chroot-dir = /path/to/chroot
+
+# Cookie validity time (in seconds)
+# Once a client is authenticated he's provided a cookie with
+# which he can reconnect. This option sets the maximum lifetime
+# of that cookie.
+cookie-validity = 14400
+
+# Cookie database file. Where to store the cookies.
+cookie-db = /var/tmp/ocserv-cookie.db
+
+run-as-user = nobody
+run-as-group = nogroup
+
+# Network settings
+
+device = vpns
+
+# The pool from which the VPN user IPs will be drawn from.
+ipv4-network = 192.168.1.0
+ipv4-netmask = 255.255.255.0
+# Use the keywork local to advertize the local P-t-P address as DNS server
+# ipv4-dns = 192.168.2.1
+ipv4-dns = local
+
+#ipv6-address = 
+#ipv6-mask = 
+#ipv6-dns = 
+
+# Leave empty to assign the default MTU of the device
+# mtu = 
+
+route = 192.168.2.0/255.255.255.0
+route = 192.168.5.0/255.255.255.0