GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,296 Commits 19 Branches 88 Tags
3ebd9ecc3eb72e217ea62f7199e3c2c305be99ce
Commit Graph

200 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
593ce2c9fa sample config update 2014-05-04 11:13:44 +02:00
Nikos Mavrogiannopoulos
8e73f98502 changed the default DPD time to 90 seconds, to prevent UDP port from changing in several NATs. 2014-04-19 08:30:10 +02:00
Nikos Mavrogiannopoulos
35c46d05c5 Do not set the output-buffer in the default configuration. 2014-03-25 11:25:42 +01:00
Nikos Mavrogiannopoulos
de1f63605b updated sample 2014-02-22 12:54:40 +01:00
Nikos Mavrogiannopoulos
faf0a7133b doc update 2014-02-17 22:22:07 +01:00
Nikos Mavrogiannopoulos
6d8841cae7 sample.conf update 2014-02-12 11:05:14 +01:00
Nikos Mavrogiannopoulos
5bf791bdfa doc update 2014-02-01 19:03:33 +01:00
Nikos Mavrogiannopoulos
0ec67882c0 Added support for multiple DNS and NBNS servers. 
This patch also combines ipv4-dns and ipv6-dns options
that are now handled as aliases to dns.

A side-effect of this patch is that the local keyword is no
longer supported.
 2014-02-01 14:50:52 +01:00
Nikos Mavrogiannopoulos
7129b7b316 change default ipv6 to link-local 2014-01-30 09:43:18 +01:00
Nikos Mavrogiannopoulos
8a29216228 doc update 2014-01-29 15:13:33 +01:00
Nikos Mavrogiannopoulos
b1af6f2829 enabling cisco-client-compat allows 'stealing' of processes. 
This change puts a proc_st that its client has terminated to a "zombie"
state. That state will allow a client that connects later using the
same TLS session ID to reclaim it. That way clients that try to authenticate
by sending their credentials in different sessions can still authenticate with
ocserv. That however puts more trust to worker processes (as the main
process has no way of telling whether a TLS session is certainly
resumed).
 2014-01-18 15:06:10 +01:00
Nikos Mavrogiannopoulos
7a7a44099d Added more conservative priority strings. 2014-01-10 10:50:37 +01:00
Nikos Mavrogiannopoulos
9079e2b67a Added configuration option use-dbus to allow disabling D-BUS usage. 2014-01-09 21:32:24 +01:00
Nikos Mavrogiannopoulos
c6a08db6db Added support for cgroups 2013-12-10 11:07:08 +01:00
Nikos Mavrogiannopoulos
b21f05df06 Allow setting directly the IP_TOS from net-priority. 2013-12-09 22:59:44 +01:00
Nikos Mavrogiannopoulos
6cb553e9a8 Added the net-priority configuration option. 
That option allows setting the protocol-defined priority (via SO_PRIORITY)
for the UDP and TCP sockets, per user/group or globally.
 2013-12-09 14:40:55 +01:00
Nikos Mavrogiannopoulos
e08f70987a Added the --http-debug option to ocserv to avoid printing full HTTP messages to normal debug mode. 2013-11-16 17:33:50 +01:00
Nikos Mavrogiannopoulos
615e16cc41 count bandwidth in kb/sec to avoid overflows on high bandwidth. 2013-11-05 20:32:23 +01:00
Nikos Mavrogiannopoulos
2f5141b00f Added directives to allow bandwidth limitation. 2013-11-03 17:06:02 +01:00
Nikos Mavrogiannopoulos
7ac0cfbb14 doc update 2013-10-29 22:05:11 +01:00
Nikos Mavrogiannopoulos
f607b6dad4 doc update 2013-10-29 21:49:39 +01:00
Nikos Mavrogiannopoulos
3c583e3a35 Added the 'iroute' directive to allow routes set on server. 2013-10-29 11:37:57 +01:00
Nikos Mavrogiannopoulos
30f0e93e70 Added the ipv6-prefix configuration option 2013-10-29 10:01:53 +01:00
Nikos Mavrogiannopoulos
00554b2f28 Allow loading additional configuration files per user or per group. 
The directives currently allowed are: ipv4/6_dns and route.
 2013-10-28 11:43:05 +01:00
Nikos Mavrogiannopoulos
988116bbeb Added config options 'mtu' and 'output-buffer'. 2013-10-20 17:45:51 +02:00
Nikos Mavrogiannopoulos
c6d1e952da doc update 2013-08-28 21:13:09 +03:00
Nikos Mavrogiannopoulos
2af67c4aff Added decoder for HTML-encoded and URL-encoded passwords and usernames. 
This prevents special characters from not being recognized. Reported by P.H.Vos.
Also updated gnulib and added c-strncasecmp
 2013-07-10 16:09:56 +02:00
Nikos Mavrogiannopoulos
58fcdd0486 use existing files 2013-07-07 21:17:41 +02:00
Nikos Mavrogiannopoulos
c4183d358e cookie-db no longer exists. 2013-07-01 13:59:30 +02:00
Nikos Mavrogiannopoulos
e7aa89dc96 document way to force PFS 2013-06-27 17:58:48 +02:00
Nikos Mavrogiannopoulos
e91fca55b4 autogen'ed files update 2013-06-26 16:28:52 +02:00
Nikos Mavrogiannopoulos
1521a3caaa Removed ability to send binary files. 2013-06-07 11:36:34 +02:00
Nikos Mavrogiannopoulos
10246b78c4 Allow downloading raw files from 1/binaries 2013-05-31 17:29:52 +02:00
Nikos Mavrogiannopoulos
96a7f04237 doc update 2013-05-23 16:06:20 +02:00
Nikos Mavrogiannopoulos
30efc0433e updated example 2013-05-13 22:50:35 +02:00
Nikos Mavrogiannopoulos
e0a7ad9fe6 Added X-CSTP-Default-Domain option. 2013-05-06 10:56:21 +03:00
Nikos Mavrogiannopoulos
dd3571bc99 Updates for cisco's client. 2013-04-29 14:19:59 +03:00
Nikos Mavrogiannopoulos
1baa8d8a6f disable dh-params by default 2013-03-24 08:42:43 +01:00
Nikos Mavrogiannopoulos
6da505a0a1 added dh-params option into sample file 2013-03-23 09:48:06 +01:00
Nikos Mavrogiannopoulos
a3b4a742bf Added anyconnect options to sample config 2013-03-17 00:00:25 +01:00
Nikos Mavrogiannopoulos
5a4ce846b7 The TLS private keys are kept into a privileged process. 
That process is called security-module (sec-mod) and communicates
with the workers using a unix domain socket.
 2013-03-15 17:47:38 +01:00
Nikos Mavrogiannopoulos
9224a02b77 Updated sample script. 2013-03-13 19:19:45 +01:00
Nikos Mavrogiannopoulos
0c4b013b3f Added plain password format 2013-03-12 23:40:11 +01:00
Nikos Mavrogiannopoulos
432a2da897 Allow setting a reconnection delay time after a failed authentication attempt (added min-reauth-time option). 2013-03-04 19:42:10 +01:00
Nikos Mavrogiannopoulos
ef18851237 Added option to allow sending a cookie without the corresponding certificate. 
This option is required for the cisco clients, that do not always use the
client certificate. When this option is set to false it means that the cookie
itself is sufficient for authentication. This is bad practice of smart cards
are in use.
 2013-03-01 21:54:49 +01:00
Nikos Mavrogiannopoulos
41e8d020b5 Several updates to handle URLs requested by the cisco client. 2013-03-01 19:52:10 +01:00
Nikos Mavrogiannopoulos
b489e0f912 doc update 2013-02-22 19:35:50 +01:00
Nikos Mavrogiannopoulos
4bfbe6d7bd updated sample config 2013-02-19 21:40:11 +01:00
Nikos Mavrogiannopoulos
59026fb8f1 Added some kind of path MTU discovery using DPD. 2013-02-15 22:23:35 +01:00
Nikos Mavrogiannopoulos
35ce549e9e Added missing files 2013-02-12 18:57:06 +01:00