Commit Graph

37 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
894cdb7a52 config: skip unknown sections
This would allow future extensibility, by making clients which
don't support a section to skip it.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:07:18 +01:00
Nikos Mavrogiannopoulos
1b8079a11a Replaced the configuration parser with inih parser
That eliminates the dependency on libopts as well as autogen.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:07:18 +01:00
Nikos Mavrogiannopoulos
533677bd73 ocserv: use getopt for command line parsing
The complexity of its command line options didn't require
the use of libopts, and by eliminating that dependency for cmd
parsing, we can choose another parser for config file parsing.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:07:18 +01:00
Nikos Mavrogiannopoulos
0c093ad8f3 ocserv: allow overriding hostname on the per-user configuration
This allows for the administrator to set specific hostnames, or even
empty hostname for specific users.
2016-06-18 11:08:53 +02:00
Nikos Mavrogiannopoulos
63d3b98cad use more consistent naming in internal messages 2016-03-05 14:00:50 +01:00
Nikos Mavrogiannopoulos
cbcd4c8279 sup-config/file: Addressed issue with ipv4-network not reading prefix
That is, the syntax now accepts options such as:
"ipv4-network = x.x.x.x/y". Reported by Frank Rosquin.
2016-02-23 14:47:41 +01:00
Nikos Mavrogiannopoulos
40185fe0c2 radius: send user agent information as Connect-Info on accounting start
Relates #26
2016-01-18 11:55:16 +01:00
Nikos Mavrogiannopoulos
eabfbe8473 Added configuration option 'restrict-user-to-ports'
This option is intended to allow restricting users to accessing
specific ports once they enter the VPN. The rules set using this
option will be enforced by the ocserv-fw script.
2015-12-02 10:38:12 +01:00
Nikos Mavrogiannopoulos
cefd77b633 Simplified per-user/group configuration handling
We now use a common structure in SESSION_REPLY and AUTH_REP
messages. That structure is generated by sec-mod and forwarded
by main to worker, thus eliminating the need to create passing
code for each new user-config variable being added.
2015-11-26 18:29:14 +01:00
Nikos Mavrogiannopoulos
f5fca982dc Added configuration option restrict-user-to-routes
This option, if set, will call /usr/bin/ocserv-fw for each user
connecting, i.e., adding firewall restrictions based on its allowed
routes.
2015-11-23 17:31:55 +01:00
Nikos Mavrogiannopoulos
65004a55df Added configuration option tunnel-all-dns 2015-11-10 13:50:03 +01:00
Nikos Mavrogiannopoulos
0b8f4beb8b Added user-specific configuration options dpd, mobile-dpd, keepalive, max-same-clients 2015-11-10 13:49:13 +01:00
Nikos Mavrogiannopoulos
7a4fc3b0aa moved ip-related macros to ip-util 2015-10-30 14:03:24 +01:00
Nikos Mavrogiannopoulos
97d6074ed3 when reading IPv4 routes ensure they are read/converted to proper format 2015-10-28 14:22:18 +01:00
Nikos Mavrogiannopoulos
40bd1550c1 ipv6: introduced ipv6-subnet-prefix config option
That option allows to specify the IPv6 subnet prefix to be given
to client. That is, allow providing the clients networks larger
than /128. Set the option to 128 to simulate the previous behavior
of ocserv.
2015-10-24 19:26:48 +02:00
Nikos Mavrogiannopoulos
59e0d574fc improved variable name 2015-06-17 09:54:00 +02:00
Nikos Mavrogiannopoulos
a5b2175219 Lifted the limit by MAX_CONFIG_ENTRIES
Now entries in the configuration file are limited by available
memory.
2015-06-17 09:52:02 +02:00
Nikos Mavrogiannopoulos
e9d35493f0 stats-report-time and session-timeout can be set per user/group as well 2015-05-19 15:42:53 +02:00
Nikos Mavrogiannopoulos
0abc1ee2db Allow overriding session-timeout from radius 2015-05-19 15:35:46 +02:00
Nikos Mavrogiannopoulos
40e96aae45 Separated accounting from authentication. 2015-02-23 15:19:44 +01:00
Nikos Mavrogiannopoulos
f591cb0181 sanitized strcmp check 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
afef74fa23 removed the certificate[optional] auth type 2015-02-19 11:47:20 +01:00
Kevin Cernekee
71ff05cea7 Allow explicit-ipv4 / explicit-ipv6 addresses in per-user config files
If a machine is running remotely accessible services, it can be helpful
to assign a fixed IP address upon connection.
2015-02-09 11:32:24 +01:00
Nikos Mavrogiannopoulos
bcea928abe Added support for no-routes (X-Split-Exclude) 2015-02-06 14:05:10 +01:00
Nikos Mavrogiannopoulos
50f2fb88f6 simplify the input of IPv6 networks
The prefix is specified as part of the network.
2014-12-29 20:15:36 +02:00
Nikos Mavrogiannopoulos
90b0ac7932 radius: added support for Framed-IPv6-Prefix 2014-12-29 20:00:45 +02:00
Nikos Mavrogiannopoulos
4cf2797afc radius: use Framed-Route and Framed-IPv6-Route
That is read and if format is the expected, they are forwarded to client.
2014-12-14 20:37:50 +01:00
Nikos Mavrogiannopoulos
766afb591a Added support for reading user configuration from radius. 2014-12-09 15:38:27 +01:00
Nikos Mavrogiannopoulos
baa3e4701e Supplementary configuration is now read by the security module.
That allows sec-mod to handle both authentication and accounting.
That deprecates the session-control configuration option.
2014-12-08 13:52:28 +01:00
Nikos Mavrogiannopoulos
8365449e9b deprecated ipv6_netmask 2014-12-08 10:48:25 +01:00
Nikos Mavrogiannopoulos
365ca267d4 added new authentication mode optional-certificate
That mode allows having only specific group of users that are required
to present a certificate.
2014-09-24 12:41:31 +02:00
Nikos Mavrogiannopoulos
30bcf35576 Revert "license upgraded to GPLv3"
This reverts commit 213f9a63ee.

Conflicts:
	configure.ac
2014-09-24 11:34:15 +02:00
Nikos Mavrogiannopoulos
c781bea7cd user-profile is now allowed in per-user configuration 2014-07-31 14:57:09 +02:00
Nikos Mavrogiannopoulos
6de26b9408 made macro usage safer
That solves an issue where the pid_file would be overwritten on
a configuration file reload.
2014-07-26 10:59:26 +02:00
Nikos Mavrogiannopoulos
7ba0fffb07 Added the configuration option deny-roaming.
That required moving the read of the group configuration during the
cookie authentication phase.
2014-05-25 10:17:28 +02:00
Nikos Mavrogiannopoulos
213f9a63ee license upgraded to GPLv3 2014-05-23 11:50:56 +02:00
Nikos Mavrogiannopoulos
e7171ac859 Supplementary group/user configuration is now modular.
That will ease the addition of other backends that can be used to
read the user/group configuration. The only backend supported now
is file.
2014-05-15 11:36:30 +02:00