Commit Graph

110 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
2069af24a8 disable SSL 3.0 on the default priorities 2014-10-17 11:01:28 +02:00
Nikos Mavrogiannopoulos
c2856e2ee6 disabled session control by default in sample.config 2014-10-15 07:58:36 +02:00
Nikos Mavrogiannopoulos
3a455f4178 listen-file -> listen-clear-file 2014-09-28 09:06:14 +02:00
Nikos Mavrogiannopoulos
e2585b2f26 unix-conn-file -> listen-file 2014-09-26 08:54:41 +02:00
Nikos Mavrogiannopoulos
4ea5a56ace Allow the CSTP layer to operate without TLS
That also introduces a unix domain socket under which connections to the
server can occur.
2014-09-23 16:08:29 +02:00
Nikos Mavrogiannopoulos
18cef50ebe doc update 2014-06-12 15:36:39 +02:00
Nikos Mavrogiannopoulos
9e4be33533 Added sequence diagram describing the session control operation. 2014-06-10 15:39:10 +02:00
Nikos Mavrogiannopoulos
021febe5d8 doc update 2014-06-10 15:16:54 +02:00
Nikos Mavrogiannopoulos
cbe4d80b1e No longer install d-bus or systemd files. 2014-06-02 14:52:13 +02:00
Nikos Mavrogiannopoulos
7ccdba8234 doc update 2014-05-27 16:04:53 +02:00
Nikos Mavrogiannopoulos
7ba0fffb07 Added the configuration option deny-roaming.
That required moving the read of the group configuration during the
cookie authentication phase.
2014-05-25 10:17:28 +02:00
Nikos Mavrogiannopoulos
78132e2a6d Added auto group listing on PAM authentication as well.
In addition a configuration option to print group IDs over a
certain number was added.
2014-05-23 16:36:48 +02:00
Nikos Mavrogiannopoulos
d51a7cb7e7 re-use the string replace API for route add/del replacements. 2014-05-23 11:32:07 +02:00
Nikos Mavrogiannopoulos
57d848d228 The replaced keywords were put into brackets. 2014-05-23 11:19:42 +02:00
Nikos Mavrogiannopoulos
51494e0df1 doc update 2014-05-23 11:08:23 +02:00
Nikos Mavrogiannopoulos
2276acf57b limit the cookie validity time to 3 hours in the configuration examples. 2014-05-22 13:48:09 +02:00
Nikos Mavrogiannopoulos
177c1c95bd Allow aliases to group names. 2014-05-21 12:25:26 +02:00
Nikos Mavrogiannopoulos
2668fe63b4 Added the default-select-group directive. 2014-05-19 20:00:35 +02:00
Nikos Mavrogiannopoulos
4755ee48c5 Added the select-group and auto-select-group config options.
These options allow prompting the user for a group prior to login.
That in addition enhances the password file format and multiple groups
can be specified on a comma separated list, as:
user:group1,group2,group3:$5$encodedpassword
2014-05-19 18:25:25 +02:00
Nikos Mavrogiannopoulos
0f0f96ef5c sample.config: comment out the occtl-socket-file. 2014-05-17 08:47:27 +02:00
Nikos Mavrogiannopoulos
b25deaf742 Updated authentication state and design figures. 2014-05-14 14:50:03 +02:00
Nikos Mavrogiannopoulos
788560b9ce Added default-user-config and default-group-config configuration options.
These allow setting a configuration file that will be loaded if a
user-specific or group-specific configuration file isn't found.
2014-05-14 13:27:51 +02:00
Nikos Mavrogiannopoulos
9434334918 updated sample.config 2014-05-11 14:23:43 +02:00
Nikos Mavrogiannopoulos
d6583945f9 Added the STATS_DURATION script environment variable.
This variable reports the duration of the session in seconds.
2014-05-04 11:20:32 +02:00
Nikos Mavrogiannopoulos
593ce2c9fa sample config update 2014-05-04 11:13:44 +02:00
Nikos Mavrogiannopoulos
4598a1b53b updated example script to account for STATS_BYTES variables. 2014-04-28 17:40:00 +02:00
Nikos Mavrogiannopoulos
8e73f98502 changed the default DPD time to 90 seconds, to prevent UDP port from changing in several NATs. 2014-04-19 08:30:10 +02:00
Nikos Mavrogiannopoulos
0b9c6ff633 Added diagram with authentication state machine. 2014-03-25 13:49:11 +01:00
Nikos Mavrogiannopoulos
35c46d05c5 Do not set the output-buffer in the default configuration. 2014-03-25 11:25:42 +01:00
Nikos Mavrogiannopoulos
de1f63605b updated sample 2014-02-22 12:54:40 +01:00
Nikos Mavrogiannopoulos
faf0a7133b doc update 2014-02-17 22:22:07 +01:00
Nikos Mavrogiannopoulos
882c37b17a Added profile.xml to the distributed files 2014-02-17 15:36:33 +01:00
Nikos Mavrogiannopoulos
6d8841cae7 sample.conf update 2014-02-12 11:05:14 +01:00
Nikos Mavrogiannopoulos
5bf791bdfa doc update 2014-02-01 19:03:33 +01:00
Nikos Mavrogiannopoulos
0ec67882c0 Added support for multiple DNS and NBNS servers.
This patch also combines ipv4-dns and ipv6-dns options
that are now handled as aliases to dns.

A side-effect of this patch is that the local keyword is no
longer supported.
2014-02-01 14:50:52 +01:00
Nikos Mavrogiannopoulos
7129b7b316 change default ipv6 to link-local 2014-01-30 09:43:18 +01:00
Nikos Mavrogiannopoulos
8a29216228 doc update 2014-01-29 15:13:33 +01:00
Thomas Glanzmann
885f394f95 Allow Remote Desktop Users to establish AnyConnect connections
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-01-29 13:58:28 +01:00
Nikos Mavrogiannopoulos
41e8a949b3 only install DBUS and systemd files if they don't exist. 2014-01-28 18:04:38 +01:00
Nikos Mavrogiannopoulos
ec10295d9c Added two versions of systemd socket files, a standalone and a socket activate.
Of these, the standalone is installed by default.
2014-01-28 18:01:31 +01:00
Nikos Mavrogiannopoulos
22dfa568a0 No need to install the dbus service file. 2014-01-28 17:56:37 +01:00
Nikos Mavrogiannopoulos
b1af6f2829 enabling cisco-client-compat allows 'stealing' of processes.
This change puts a proc_st whose client has terminated into a "zombie"
state. That state will allow a client that connects later using the
same TLS session ID to reclaim it. That way clients that try to authenticate
by sending their credentials in different sessions can still authenticate with
ocserv. That however puts more trust in worker processes (as the main
process has no way of telling whether a TLS session is certainly
resumed).
2014-01-18 15:06:10 +01:00
Nikos Mavrogiannopoulos
4d09a8612d systemd file installation is optional 2014-01-11 14:49:27 +01:00
Nikos Mavrogiannopoulos
0eef3bd5be Added occtl.8 2014-01-11 13:27:53 +01:00
Nikos Mavrogiannopoulos
7a7a44099d Added more conservative priority strings. 2014-01-10 10:50:37 +01:00
Nikos Mavrogiannopoulos
9079e2b67a Added configuration option use-dbus to allow disabling D-BUS usage. 2014-01-09 21:32:24 +01:00
Nikos Mavrogiannopoulos
8485b727d5 install D-BUS and systemd files. 2014-01-08 16:47:30 +01:00
Nikos Mavrogiannopoulos
1d697285e8 Added example systemd socket and service files. 2014-01-06 12:43:23 +01:00
Nikos Mavrogiannopoulos
c6a08db6db Added support for cgroups 2013-12-10 11:07:08 +01:00
Nikos Mavrogiannopoulos
b21f05df06 Allow setting directly the IP_TOS from net-priority. 2013-12-09 22:59:44 +01:00