Nikos Mavrogiannopoulos
3b0342c678
doc update
2015-12-08 14:35:30 +01:00
Nikos Mavrogiannopoulos
14d19b3e9a
Enhanced configuration option 'restrict-user-to-ports'
This enhancement allows negating the rules and allowing the user to connect
to all ports except the specified ones.
2015-12-07 11:15:56 +01:00
Nikos Mavrogiannopoulos
d910c8952b
doc: list 'route=default' as an example
2015-12-02 10:41:16 +01:00
Nikos Mavrogiannopoulos
eabfbe8473
Added configuration option 'restrict-user-to-ports'
This option is intended to allow restricting users to accessing
specific ports once they enter the VPN. The rules set using this
option will be enforced by the ocserv-fw script.
2015-12-02 10:38:12 +01:00
Nikos Mavrogiannopoulos
53376c96a2
doc: document the behavior of restrict-user-to-routes in case of defaultroute
2015-11-29 20:24:32 +01:00
Nikos Mavrogiannopoulos
f86fb99b50
doc update
2015-11-24 00:29:31 +01:00
Nikos Mavrogiannopoulos
c7fe48f372
scripts: export the routes, no-routes and dns servers
2015-11-23 10:53:43 +01:00
Nikos Mavrogiannopoulos
8d03519fb2
doc update
2015-11-17 11:02:26 +01:00
Nikos Mavrogiannopoulos
2473633b8d
Added cookie key rotation
2015-11-17 08:33:38 +01:00
Nikos Mavrogiannopoulos
8cb807d27d
design.md: document a possible optimization in IPC protocol
2015-11-13 12:46:36 +01:00
Nikos Mavrogiannopoulos
65004a55df
Added configuration option tunnel-all-dns
2015-11-10 13:50:03 +01:00
Nikos Mavrogiannopoulos
5138a39116
Added a draft design document
2015-11-10 13:49:56 +01:00
Nikos Mavrogiannopoulos
0b8f4beb8b
Added user-specific configuration options dpd, mobile-dpd, keepalive, max-same-clients
2015-11-10 13:49:13 +01:00
Nikos Mavrogiannopoulos
d72424b9c0
doc update
2015-10-30 14:40:49 +01:00
Nikos Mavrogiannopoulos
4ae1c3e2ff
occtl and ocpasswd were moved into separate directories
2015-10-30 13:51:19 +01:00
Nikos Mavrogiannopoulos
5a10283125
Added the config option expose-iroutes
This allows the server to advertise routes offered by few clients
to all clients except the ones offering them.
2015-10-25 22:43:54 +01:00
Nikos Mavrogiannopoulos
40bd1550c1
ipv6: introduced ipv6-subnet-prefix config option
That option allows specifying the IPv6 subnet prefix to be given
to the client. That is, it allows providing clients with networks larger
than /128. Set the option to 128 to simulate the previous behavior
of ocserv.
2015-10-24 19:26:48 +02:00
Nikos Mavrogiannopoulos
e5d02eb228
plain auth: support OTP authentication using usersfile
That adds a dependency on liboath.
2015-09-25 15:03:38 +02:00
Nikos Mavrogiannopoulos
568d6fa767
mention the possibility of proxy arp
2015-09-24 09:52:18 +02:00
Nikos Mavrogiannopoulos
a135c90e54
README-radius: use /etc/radcli for paths
2015-09-23 00:07:16 +02:00
Nikos Mavrogiannopoulos
a8ea052bbf
doc: converted README.radius to markdown and link it from README.md
2015-09-19 20:43:44 +02:00
Nikos Mavrogiannopoulos
0461787fcc
doc update
2015-09-18 16:45:53 +02:00
Nikos Mavrogiannopoulos
1bfa6e7648
Reinstated the PAM accounting method
It can be used to check for a valid PAM account, even when
certificates or another authentication method is in use.
2015-09-18 16:45:32 +02:00
Nikos Mavrogiannopoulos
f2caadbe83
updated documentation for CRL reload
2015-09-14 17:59:58 +02:00
Nikos Mavrogiannopoulos
edba5fc23e
removed pam accounting method from config file
Reported by Stuart Henderson.
2015-09-05 00:16:06 +02:00
Nikos Mavrogiannopoulos
1c64073cf2
pam: removed accounting; it served no purpose
In fact it could even cause issues in the security-module
depending on what was configured in PAM.
2015-08-31 16:19:48 +02:00
Nikos Mavrogiannopoulos
2a949e99c4
configure: discover suitable sed program
2015-08-17 14:20:41 +02:00
Nikos Mavrogiannopoulos
17e71dccd8
Added support for proxy protocol (v2)
2015-07-15 13:03:58 +02:00
Nikos Mavrogiannopoulos
3f48b31a9e
use quotes in all examples to avoid issues in modifications
2015-06-29 15:33:16 +02:00
Nikos Mavrogiannopoulos
8b186fb53a
Allow specifying a PIN and SRK PIN in the config file
That pin will be used to decrypt encrypted key files as well.
2015-06-25 14:12:57 +02:00
Nikos Mavrogiannopoulos
3e6b8fadb3
updated radcli URLs
2015-06-05 23:57:03 +02:00
Nikos Mavrogiannopoulos
2bce9455a0
use radcli as the radius library if found
2015-06-05 22:36:02 +02:00
Nikos Mavrogiannopoulos
d5c9fe7b02
added NAS-Identifier into dictionary
2015-06-03 19:52:33 +02:00
Nikos Mavrogiannopoulos
89500cb205
removed dbus option
2015-05-26 16:12:49 +02:00
Nikos Mavrogiannopoulos
f954983f7a
sample.config: bring on par with ocserv-args.def
2015-05-23 11:16:43 +02:00
Nikos Mavrogiannopoulos
9c0ebd3c81
document the fact that some clients fail if rekey is disabled
2015-05-23 11:15:07 +02:00
Nikos Mavrogiannopoulos
4dd558b0cc
updated radius documentation
2015-05-19 13:57:44 +02:00
Nikos Mavrogiannopoulos
45d380ccd9
corrected typos in IPV6 env variable
2015-05-11 14:26:10 +02:00
Nikos Mavrogiannopoulos
18253952d3
radius: removed documentation for Framed-IPv6-Route
It was superseded by Route-IPv6-Information
2015-05-11 14:18:13 +02:00
Nikos Mavrogiannopoulos
c7167af362
radius: added support for Delegated-IPv6-Prefix
2015-05-11 14:17:44 +02:00
Nikos Mavrogiannopoulos
96a2f9723d
README.radius: added new attributes
2015-05-11 14:14:35 +02:00
Nikos Mavrogiannopoulos
8b32d185c6
doc update
2015-05-06 20:43:04 +02:00
Nikos Mavrogiannopoulos
f89525ff94
added config option 'persistent-cookies'
When it is set, it doesn't invalidate cookies after
user disconnection.
2015-05-06 20:41:42 +02:00
Nikos Mavrogiannopoulos
df4425a7d2
radius: consider Acct-Interim-Interval by default
That can also be overridden by specifying 'override-interim-updates=true'
in the radius subconfig.
2015-05-05 11:24:34 +02:00
Nikos Mavrogiannopoulos
70eca474c4
doc: use the "proper" URL for kdcproxy
2015-05-04 10:55:02 +02:00
Nikos Mavrogiannopoulos
ddfa37cf4a
increased the tgt-freshness-time in examples
2015-04-29 17:36:14 +02:00
Nikos Mavrogiannopoulos
e54f6e2ac2
Added config option 'tgt-freshness-time' for GSSAPI
This allows setting the maximum number of seconds a TGT ticket will
be valid for logging in to the VPN. That can be used to prevent
a TGT ticket that is valid for a day from being used to log in to the VPN, and
addresses the use case where a laptop with a valid TGT ticket is
stolen.
2015-04-29 10:41:27 +02:00
Nikos Mavrogiannopoulos
a588010c41
doc update
2015-04-23 10:28:21 +02:00
Nikos Mavrogiannopoulos
0654a191b2
install dbus config file if DBUS is enabled
2015-04-03 13:13:10 +02:00
Nikos Mavrogiannopoulos
b27ff28971
updated sample.config
2015-03-04 10:28:15 +01:00