Commit Graph

2784 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
0d8ee5e6a9 config: increased the default max-ban-score to 8 wrong password attempts
This still prevents abuse, while allowing a few more attempts than 5, which
are typically easily reached through software which remembers passwords.
At the same time increase the default ban time to 20 minutes.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-23 19:09:39 +02:00
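The scoring the commit above tunes can be illustrated with a small model. This is an added example, not ocserv's own code; it uses the option names from ocserv's sample.config (ban-points-wrong-password, max-ban-score, ban-reset-time) with the defaults the commit describes, and the exact accounting (score kept per client, cleared once ban-reset-time has elapsed since the last failure) is a simplification assumed here for illustration.

```python
"""Simplified model of ocserv-style ban scoring (added example, not ocserv code).

Option names follow ocserv's sample.config; the numeric defaults are the ones
the commit message describes: 8 wrong passwords trigger a ban that lasts 20 minutes.
"""
import math

BAN_POINTS_WRONG_PASSWORD = 10   # points added per failed password
MAX_BAN_SCORE = 80               # ban threshold: 80 / 10 = 8 attempts
BAN_RESET_TIME = 1200            # seconds until a client's score (and ban) is cleared


def attempts_until_ban(max_score=MAX_BAN_SCORE, points=BAN_POINTS_WRONG_PASSWORD):
    """Number of consecutive wrong passwords that reach the ban threshold."""
    return math.ceil(max_score / points)


class BanTracker:
    """Per-client score keeper. Time is passed in explicitly so it can be tested."""

    def __init__(self, max_score=MAX_BAN_SCORE, reset_time=BAN_RESET_TIME,
                 points=BAN_POINTS_WRONG_PASSWORD):
        self.max_score = max_score
        self.reset_time = reset_time
        self.points = points
        self._scores = {}   # client ip -> (score, time of last failure)

    def _current(self, ip, now):
        """Score for ip at time now, forgetting clients whose score has expired."""
        entry = self._scores.get(ip)
        if entry is None:
            return 0
        score, last = entry
        if now - last >= self.reset_time:   # assumed reset rule: measured from last failure
            del self._scores[ip]
            return 0
        return score

    def wrong_password(self, ip, now):
        """Record a failed login at time now; returns True if ip is now banned."""
        score = self._current(ip, now) + self.points
        self._scores[ip] = (score, now)
        return score >= self.max_score

    def is_banned(self, ip, now):
        return self._current(ip, now) >= self.max_score


def simulate(tracker, ip, failures, interval=1.0, start=0.0):
    """Drive failures through tracker; return the 1-based attempt that got banned, or None."""
    for i in range(failures):
        if tracker.wrong_password(ip, start + i * interval):
            return i + 1
    return None


if __name__ == "__main__":
    print("old default (max-ban-score 50):", attempts_until_ban(50))
    print("new default (max-ban-score 80):", attempts_until_ban())
    t = BanTracker()
    ip = "203.0.113.7"   # constructed client address
    print("banned at attempt:", simulate(t, ip, 10))
    print("still banned after 10 min:", t.is_banned(ip, 7 + 600))
    print("banned after 20 min:", t.is_banned(ip, 7 + 1200))
```

The trade-off the commit describes is visible in the model: raising the threshold from 50 to 80 points lets a client that has a stale saved password fail 7 times without being locked out, while a client that fails slowly enough to let its score reset between attempts is never banned at all, which is why the reset time was raised alongside the score.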
Nikos Mavrogiannopoulos
53fe6218e6 occtl: always print the stats reset time
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-19 19:57:30 +02:00
Nikos Mavrogiannopoulos
5e7f416e72 doc update [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 17:24:23 +03:00
Nikos Mavrogiannopoulos
c99ca67354 reset_stats: print session statistics prior to reset
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 17:02:28 +03:00
Nikos Mavrogiannopoulos
e135f8a54e doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
e8b19309f1 sample.config: added server-stats-reset-time
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
ccb80b5d4f occtl: improved presentation of printed statistics
Also added different values to keep authentication failures
and closed sessions, in total and per accounting period.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
99b2fdcd06 Reset periodically the server statistics kept
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
d6ff620487 secmod sends periodically stats to main
That ensures that statistics will reach main even if no
users are logged in/logged out.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
538d1bca21 occtl: print statistics provided by main
Also introduced the --debug option.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
e9cf88f8c2 main: store additional statistics globally
That is, store:
 * number of timed out sessions
 * number of sessions timed out due to being idle
 * number of errored sessions
 * total number of sessions handled (closed)
 * total number of kbytes sent
 * total number of kbytes received
 * minimum MTU seen
 * maximum MTU seen
 * total authentication failures
 * average/max authentication time (in secs)
 * average/max session time (in minutes)

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
81d2a86eff tun: defined undeclared variable 'e'
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 16:27:02 +03:00
Nikos Mavrogiannopoulos
6e433a3bc5 update fedora build to F25
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 12:12:51 +03:00
Nikos Mavrogiannopoulos
1ac9c5bc49 .gitlab-ci.yml: explicitly install make in Centos/Fedora
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 12:12:26 +03:00
Nikos Mavrogiannopoulos
b2e199577d doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 11:36:42 +03:00
Nikos Mavrogiannopoulos
cf74746fb7 tun: be more verbose in bsd tun device creation errors
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-03-30 12:06:43 +02:00
Nikos Mavrogiannopoulos
37f8ebc8c9 tests: added unit test for proxy protocol v1
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-28 08:15:35 +02:00
Nikos Mavrogiannopoulos
0c18e122e6 tests: added check for proxy protocol v1
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-28 08:11:53 +02:00
Nikos Mavrogiannopoulos
18fa25fea2 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-28 08:08:49 +02:00
Nikos Mavrogiannopoulos
a45f358af3 worker: added support for proxy protocol v1
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-28 08:08:45 +02:00
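The header format the commit above adds support for is a single ASCII line that a load balancer prepends to the TCP stream. The parser below is an added example, not the worker code from ocserv; it follows the published PROXY protocol v1 text (signature, TCP4/TCP6/UNKNOWN, 107-byte maximum, CRLF terminator) and the validation it applies beyond that (strict port and address-family checks) is this example's own choice. The usual caveat applies: the header is plain text, so it must only be honoured on listeners that are reachable exclusively through the trusted proxy, otherwise any direct client can claim an arbitrary source address.

```python
"""Parser for the PROXY protocol v1 header (added example, not ocserv's code).

The header is one ASCII line a load balancer prepends to the TCP stream:
    PROXY TCP4 <src ip> <dst ip> <src port> <dst port>\r\n
or  PROXY UNKNOWN ...\r\n   when the original addresses are not known.
"""
import ipaddress

PROXY_V1_MAX_LEN = 107   # longest legal v1 header including CRLF


class ProxyProtoError(ValueError):
    """Raised for any malformed header; the caller should drop the connection."""


def parse_proxy_v1(buf: bytes):
    """Split a PROXY v1 header off the front of buf.

    Returns (info, remaining_bytes). info is None for 'PROXY UNKNOWN' (the
    caller should fall back to the socket's own peer address), otherwise a
    dict with family, src, dst, sport and dport.
    """
    if not buf.startswith(b"PROXY "):
        raise ProxyProtoError("missing PROXY signature")
    # The CRLF must appear within the first 107 bytes; searching further would
    # let a client stall the parser with an unbounded "header".
    end = buf.find(b"\r\n", 0, PROXY_V1_MAX_LEN)
    if end < 0:
        raise ProxyProtoError("no CRLF within %d bytes" % PROXY_V1_MAX_LEN)
    line, rest = buf[:end], buf[end + 2:]
    try:
        fields = line.decode("ascii").split(" ")
    except UnicodeDecodeError:
        raise ProxyProtoError("non-ASCII header")
    if fields[1] == "UNKNOWN":
        return None, rest            # anything after UNKNOWN is ignored
    if len(fields) != 6:
        raise ProxyProtoError("expected 6 fields, got %d" % len(fields))
    _, family, src, dst, sport, dport = fields
    if family not in ("TCP4", "TCP6"):
        raise ProxyProtoError("unsupported family %r" % family)
    version = 4 if family == "TCP4" else 6
    try:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    except ValueError as e:
        raise ProxyProtoError("bad address: %s" % e)
    if src_ip.version != version or dst_ip.version != version:
        raise ProxyProtoError("address family does not match %s" % family)
    ports = []
    for p in (sport, dport):
        # fields were decoded as ASCII, so isdigit() here means 0-9 only
        if not p.isdigit() or int(p) > 65535:
            raise ProxyProtoError("bad port %r" % p)
        ports.append(int(p))
    info = {"family": family, "src": str(src_ip), "dst": str(dst_ip),
            "sport": ports[0], "dport": ports[1]}
    return info, rest


if __name__ == "__main__":
    # constructed sample: proxied TLS client hello would follow the header
    sample = b"PROXY TCP4 192.168.0.1 192.168.0.11 56324 443\r\n\x16\x03\x01"
    info, payload = parse_proxy_v1(sample)
    print(info, payload)
```

Everything up to and including the CRLF is consumed and the remaining bytes are handed back untouched, so the caller can continue with the TLS (or, for a listen-clear-file socket, the plain CSTP) handshake on the same buffer.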
Nikos Mavrogiannopoulos
fa3dad2e37 doc: document limitations of listen-clear-file
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-25 19:55:46 +01:00
Nikos Mavrogiannopoulos
de0823f01e worker-proxyproto: improved error message
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-24 20:07:49 +01:00
Nikos Mavrogiannopoulos
83bea71e38 tests: added unit test for cstp_recv_nb()
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-24 20:07:47 +01:00
Nikos Mavrogiannopoulos
0792d7a135 cstp_recv_nb: improve operation under receiving from UNIX socket
That is, ensure that all possible packet size combinations are
correctly received.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-24 19:07:51 +01:00
Nikos Mavrogiannopoulos
50c551b56e tests: kerberos tests use F25
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-03-23 09:33:14 +01:00
Nikos Mavrogiannopoulos
8e66136a1b tests: test-user-config: fixed check for 401 error
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-03-23 09:28:43 +01:00
Nikos Mavrogiannopoulos
e8a07e402e Revert "cstp_recv_nb: improve operation under receiving from UNIX socket"
This reverts commit 409f114d9e.
2017-03-23 09:06:40 +01:00
Nikos Mavrogiannopoulos
fa00c52809 doc update
2017-03-20 09:28:01 +01:00
Nikos Mavrogiannopoulos
9938056f6c Disable DTLS-PSK protocol when run under a unix socket
It is not possible to derive PSK keys when only the TCP CSTP session
is available, without the TLS session.

Relates #22

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-03-20 09:27:46 +01:00
Nikos Mavrogiannopoulos
409f114d9e cstp_recv_nb: improve operation under receiving from UNIX socket
That is, ensure that all possible packet size combinations are
correctly received.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-20 08:20:40 +01:00
Nikos Mavrogiannopoulos
aa28f0b9d2 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-11 21:27:32 +01:00
Nikos Mavrogiannopoulos
c1d86d5577 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-02-23 10:06:37 +01:00
Nikos Mavrogiannopoulos
4d9cdf7610 worker-vpn: use TCP_INFO on linux to obtain accurate MTU information
This provides a more accurate value than the one obtained using the
TCP MSS value. The latter is affected by too many factors (such as TCP
options) to provide a reliable value.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-02-23 10:05:45 +01:00
Nikos Mavrogiannopoulos
fdfad2fa7e worker-vpn: corrected calculation for MTU via TCP MSS
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-02-22 22:01:49 +01:00
Nikos Mavrogiannopoulos
6986a97d12 tests: added missing file to dist files (tag: ocserv_0_11_7)
2017-02-12 10:19:02 +01:00
Nikos Mavrogiannopoulos
996f6068be updated auto-generated files
2017-02-12 10:19:02 +01:00
Nikos Mavrogiannopoulos
d23215b584 bumped version
2017-02-12 10:19:02 +01:00
Nikos Mavrogiannopoulos
f2714d1950 occtl: added compatibility with the 0.11.6 output
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-02-12 10:19:02 +01:00
Nikos Mavrogiannopoulos
c59cf15052 occtl: renamed cookie to session
That reflects more closely the actual use of the printed identifier.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-02-12 10:19:02 +01:00
Nikos Mavrogiannopoulos
4bbf5129ee worker: do not log real session ID but rather the masked one
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-02-12 10:19:02 +01:00
Nikos Mavrogiannopoulos
145ba5c14d Explicitly specify the protocol buffers syntax used in .proto files.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-02-12 10:19:02 +01:00
Nikos Mavrogiannopoulos
cb60edcf84 sec-mod: Do not log any received invalid SID
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-02-12 10:19:02 +01:00
Nikos Mavrogiannopoulos
12c4970c9e tests: removed firewall tests
These were no longer up-to-date and were not checking the provided
functionality.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-02-06 01:54:48 +01:00
Nikos Mavrogiannopoulos
66f8b57af9 doc update
2017-01-29 15:54:54 +01:00
Nikos Mavrogiannopoulos
fdea01f4f5 Do not log the internal session ID nor re-use it in radius
Use instead a value derived from it, so that access to the debugging
log files, or to the radius result, does not give access to the server.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-01-29 15:48:46 +01:00
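One way to produce the derived identifier the commit above describes, as an added example that is not ocserv's own scheme: keep the real session ID as the lookup key, and emit into logs and accounting records only a keyed one-way hash of it. The HMAC-SHA256 construction, the per-process random key, the 32-byte session ID and the 16-hex-character truncation are all assumptions of this example.

```python
"""Log-safe session identifiers (added example, not ocserv's own scheme).

The session ID (SID) is a bearer secret: whoever learns it can resume the
session. Logs and RADIUS records therefore carry a value derived from it
with a keyed one-way function, so reading them does not yield the SID.
"""
import hashlib
import hmac
import os
import secrets

SID_LEN = 32        # bytes of random session ID (assumed size)
MASKED_LEN = 8      # bytes of derived ID to print, i.e. 16 hex characters (assumed)


class SessionTable:
    def __init__(self, mask_key=None):
        # Per-process random key: a masked ID seen in a leaked log cannot be
        # recomputed from a guessed SID by anyone who does not hold the key.
        self.mask_key = mask_key if mask_key is not None else os.urandom(32)
        self._sessions = {}   # real sid (bytes) -> session data

    def mask(self, sid: bytes) -> str:
        """Derived, log-safe identifier for sid (keyed, one-way, truncated)."""
        digest = hmac.new(self.mask_key, sid, hashlib.sha256).hexdigest()
        return digest[:2 * MASKED_LEN]

    def create(self, username: str) -> bytes:
        """Open a session; the returned SID goes to the client only, never to a log."""
        sid = secrets.token_bytes(SID_LEN)
        self._sessions[sid] = {"user": username, "masked": self.mask(sid)}
        return sid

    def lookup(self, sid: bytes):
        """Resume by the real SID (what the client presents)."""
        return self._sessions.get(sid)

    def log_line(self, sid: bytes, event: str) -> str:
        """Log entry that identifies the session only by its masked ID."""
        s = self.lookup(sid)
        user = s["user"] if s else "?"
        return "session %s user %s: %s" % (self.mask(sid), user, event)


if __name__ == "__main__":
    table = SessionTable()
    sid = table.create("alice")          # constructed user
    print(table.log_line(sid, "connected"))
    print("resumed as:", table.lookup(sid)["user"])
```

Because the same key is used for the session's lifetime, every log line and accounting record for one session shows the same masked value, so they can still be correlated with each other by an operator; what is lost is only the ability to turn that value back into something the server would accept.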
Nikos Mavrogiannopoulos
3033591343 doc update [ci skip]
2017-01-29 15:29:51 +01:00
Nikos Mavrogiannopoulos
550599e098 doc update
2017-01-29 15:17:20 +01:00
Nikos Mavrogiannopoulos
bc6f3dc69c radius: use the reply message from server on rejection
That is, log it, and forward it to the worker process in order
to deliver it to the user.

Resolves #72

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-01-29 15:17:17 +01:00
Nikos Mavrogiannopoulos
23189a177a auth: pam: minor cleanups
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-01-28 15:59:04 +01:00
Nikos Mavrogiannopoulos
741f8b22da doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-01-28 15:25:28 +01:00