200 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
d910c8952b doc: list 'route=default' as an example 2015-12-02 10:41:16 +01:00
Nikos Mavrogiannopoulos
eabfbe8473 Added configuration option 'restrict-user-to-ports'
This option is intended to allow restricting users to accessing
specific ports once they enter the VPN. The rules set using this
option will be enforced by the ocserv-fw script.
2015-12-02 10:38:12 +01:00
Nikos Mavrogiannopoulos
53376c96a2 doc: document the behavior of restrict-user-to-routes in case of defaultroute 2015-11-29 20:24:32 +01:00
Nikos Mavrogiannopoulos
f86fb99b50 doc update 2015-11-24 00:29:31 +01:00
Nikos Mavrogiannopoulos
c7fe48f372 scripts: export the routes, no-routes and dns servers 2015-11-23 10:53:43 +01:00
Nikos Mavrogiannopoulos
8d03519fb2 doc update 2015-11-17 11:02:26 +01:00
Nikos Mavrogiannopoulos
2473633b8d Added cookie key rotation 2015-11-17 08:33:38 +01:00
Nikos Mavrogiannopoulos
65004a55df Added configuration option tunnel-all-dns 2015-11-10 13:50:03 +01:00
Nikos Mavrogiannopoulos
0b8f4beb8b Added user-specific configuration options dpd, mobile-dpd, keepalive, max-same-clients 2015-11-10 13:49:13 +01:00
Nikos Mavrogiannopoulos
d72424b9c0 doc update 2015-10-30 14:40:49 +01:00
Nikos Mavrogiannopoulos
5a10283125 Added the config option expose-iroutes
This allows the server to advertise routes offered by few clients
to all clients except the ones offering them.
2015-10-25 22:43:54 +01:00
Nikos Mavrogiannopoulos
40bd1550c1 ipv6: introduced ipv6-subnet-prefix config option
That option allows specifying the IPv6 subnet prefix to be given
to the client. That is, allow providing the clients networks larger
than /128. Set the option to 128 to simulate the previous behavior
of ocserv.
2015-10-24 19:26:48 +02:00
Nikos Mavrogiannopoulos
e5d02eb228 plain auth: support OTP authentication using usersfile
That adds a dependency on liboath.
2015-09-25 15:03:38 +02:00
Nikos Mavrogiannopoulos
568d6fa767 mention the possibility of proxy arp 2015-09-24 09:52:18 +02:00
Nikos Mavrogiannopoulos
0461787fcc doc update 2015-09-18 16:45:53 +02:00
Nikos Mavrogiannopoulos
1bfa6e7648 Reinstated the PAM accounting method
It can be used to check for a valid PAM account, even when
certificates or another authentication method is in use.
2015-09-18 16:45:32 +02:00
Nikos Mavrogiannopoulos
f2caadbe83 updated documentation for CRL reload 2015-09-14 17:59:58 +02:00
Nikos Mavrogiannopoulos
edba5fc23e removed pam accounting method from config file
Reported by Stuart Henderson.
2015-09-05 00:16:06 +02:00
Nikos Mavrogiannopoulos
1c64073cf2 pam: removed accounting; it served no purpose
In fact it could even cause issues in the security-module
depending on what was configured in PAM.
2015-08-31 16:19:48 +02:00
Nikos Mavrogiannopoulos
17e71dccd8 Added support for proxy protocol (v2) 2015-07-15 13:03:58 +02:00
Nikos Mavrogiannopoulos
3f48b31a9e use quotes in all examples to avoid issues in modifications 2015-06-29 15:33:16 +02:00
Nikos Mavrogiannopoulos
8b186fb53a Allow specifying a PIN and SRK PIN in the config file
That pin will be used to decrypt encrypted key files as well.
2015-06-25 14:12:57 +02:00
Nikos Mavrogiannopoulos
f954983f7a sample.config: bring on par with ocserv-args.def 2015-05-23 11:16:43 +02:00
Nikos Mavrogiannopoulos
9c0ebd3c81 document the fact that some clients fail if rekey is disabled 2015-05-23 11:15:07 +02:00
Nikos Mavrogiannopoulos
45d380ccd9 corrected typos in IPV6 env variable 2015-05-11 14:26:10 +02:00
Nikos Mavrogiannopoulos
8b32d185c6 doc update 2015-05-06 20:43:04 +02:00
Nikos Mavrogiannopoulos
f89525ff94 added config option 'persistent-cookies'
When it is set, it doesn't invalidate cookies after
user disconnection.
2015-05-06 20:41:42 +02:00
Nikos Mavrogiannopoulos
df4425a7d2 radius: consider Acct-Interim-Interval by default
That can also be overridden by specifying 'override-interim-updates=true'
in the radius subconfig.
2015-05-05 11:24:34 +02:00
Nikos Mavrogiannopoulos
70eca474c4 doc: use the "proper" URL for kdcproxy 2015-05-04 10:55:02 +02:00
Nikos Mavrogiannopoulos
ddfa37cf4a increased the tgt-freshness-time in examples 2015-04-29 17:36:14 +02:00
Nikos Mavrogiannopoulos
e54f6e2ac2 Added config option 'tgt-freshness-time' for GSSAPI
This allows setting the maximum number of seconds a TGT ticket will
be valid for logging in the VPN. That can be used to prevent
a valid for a day TGT ticket from being used to login to VPN, and
addresses the use-case of where a laptop with a valid TGT ticket is
stolen.
2015-04-29 10:41:27 +02:00
Nikos Mavrogiannopoulos
a588010c41 doc update 2015-04-23 10:28:21 +02:00
Nikos Mavrogiannopoulos
b27ff28971 updated sample.config 2015-03-04 10:28:15 +01:00
Nikos Mavrogiannopoulos
642edaae59 doc update: mention that banning cannot be combined with listen-clear-file 2015-03-03 15:37:58 +01:00
Nikos Mavrogiannopoulos
b4347e4971 updated documentation with options that will be read in reload 2015-03-03 11:44:51 +01:00
Nikos Mavrogiannopoulos
81b6b6bd3c doc update 2015-03-03 11:26:44 +01:00
Nikos Mavrogiannopoulos
b732a6e91e doc update 2015-03-03 11:19:30 +01:00
Nikos Mavrogiannopoulos
f33b7f9559 doc update 2015-03-03 11:06:54 +01:00
Nikos Mavrogiannopoulos
445ea63783 made the ban points configurable 2015-02-26 11:23:06 +01:00
Nikos Mavrogiannopoulos
7619895a25 removed server-name config option 2015-02-26 11:00:07 +01:00
Nikos Mavrogiannopoulos
c9efcae416 doc update 2015-02-26 09:24:24 +01:00
Nikos Mavrogiannopoulos
0aa2c86f08 Added points in KKDCP connections to prevent DoS attacks. 2015-02-25 14:31:21 +01:00
Nikos Mavrogiannopoulos
a3f5ae2551 Add a cost in number of connections per IP to prevent DoS attacks 2015-02-25 13:24:42 +01:00
Nikos Mavrogiannopoulos
a617485232 enforcement of IP banning was moved to main 2015-02-25 13:16:56 +01:00
Nikos Mavrogiannopoulos
2f2f4a77d2 allow explicitly specifying the NAS identifier in radius 2015-02-24 18:59:05 +01:00
Nikos Mavrogiannopoulos
29e834da4d plain authentication uses the new parsing method 2015-02-24 13:53:37 +01:00
Nikos Mavrogiannopoulos
43caa1be14 radius will use the new sub-config format 2015-02-24 13:04:28 +01:00
Nikos Mavrogiannopoulos
e16ae6614c Added more advanced suboption parser
That adds the ability to parse options in the form:
auth = "gssapi[option1=value1,option2=value2,...]"
It also introduces the keytab, and require-local-user-map
suboptions for gssapi.
2015-02-24 11:50:55 +01:00
Nikos Mavrogiannopoulos
40e96aae45 Separated accounting from authentication. 2015-02-23 15:19:44 +01:00
Nikos Mavrogiannopoulos
39494d54ed fixed sample.config 2015-02-21 16:59:52 +01:00