Nikos Mavrogiannopoulos
5a4ce846b7
The TLS private keys are kept in a privileged process.
...
That process is called security-module (sec-mod) and communicates
with the workers using a unix domain socket.
2013-03-15 17:47:38 +01:00
Nikos Mavrogiannopoulos
0be2b2a054
crypt(3) is used in the plain password file.
...
In addition, the ocpasswd program was added to generate password file entries.
2013-03-14 16:23:47 +01:00
Nikos Mavrogiannopoulos
0c4b013b3f
Added plain password format
2013-03-12 23:40:11 +01:00
Nikos Mavrogiannopoulos
23977b5359
Added ability to specify multiple certificate and key pairs.
2013-03-07 09:51:50 +01:00
Nikos Mavrogiannopoulos
a0f1867c58
Allow setting DH parameters.
2013-03-07 09:19:25 +01:00
Nikos Mavrogiannopoulos
6c54a37e69
Allow setting OCSP responses.
2013-03-05 01:42:25 +01:00
Nikos Mavrogiannopoulos
432a2da897
Allow setting a reconnection delay time after a failed authentication attempt (added min-reauth-time option).
2013-03-04 19:42:10 +01:00
Nikos Mavrogiannopoulos
ecd90b533e
Allow setting a rate limit on the number of connections.
2013-03-04 06:23:58 +01:00
Nikos Mavrogiannopoulos
62392660cd
Anyconnect client compatibility is optional.
2013-03-02 15:35:16 +01:00
Nikos Mavrogiannopoulos
ef18851237
Added option to allow sending a cookie without the corresponding certificate.
...
This option is required for the cisco clients, that do not always use the
client certificate. When this option is set to false it means that the cookie
itself is sufficient for authentication. This is bad practice if smart cards
are in use.
2013-03-01 21:54:49 +01:00
Nikos Mavrogiannopoulos
41e8d020b5
Several updates to handle URLs requested by the cisco client.
2013-03-01 19:52:10 +01:00
Nikos Mavrogiannopoulos
83c9793033
include banner in the XML success message.
2013-02-27 22:29:10 +01:00
Nikos Mavrogiannopoulos
833b1979ec
Banner was made configurable.
2013-02-27 19:16:46 +01:00
Nikos Mavrogiannopoulos
d06de0c46b
Allow setting NBNS.
2013-02-24 11:24:14 +01:00
Nikos Mavrogiannopoulos
628877881d
Added configuration options for PIN files.
2013-02-18 23:47:20 +01:00
Nikos Mavrogiannopoulos
ba80139452
mtu discovery via DPD is optional
2013-02-16 16:46:37 +01:00
Nikos Mavrogiannopoulos
e8f6332f36
Use PAM account management and added support for user groups.
2013-02-12 18:57:05 +01:00
Nikos Mavrogiannopoulos
121b2491aa
HUP signal reloads configuration
2013-02-12 18:57:05 +01:00
Nikos Mavrogiannopoulos
184b8d7a66
enforce maximum number of same clients
2013-02-09 20:23:46 +01:00
Nikos Mavrogiannopoulos
5f4b8711ef
Added configurable DPD
2013-02-08 21:51:58 +01:00
Nikos Mavrogiannopoulos
bacf821953
cleaned up TLS code which was moved to tlslib
2013-02-08 18:20:17 +01:00
Nikos Mavrogiannopoulos
14460456e7
gdbm was re-added and made optional.
2013-02-07 20:43:11 +01:00
Nikos Mavrogiannopoulos
534ddfbfcc
Honour client's MTU choice.
2013-02-07 18:19:10 +01:00
Nikos Mavrogiannopoulos
1cb7ab38e9
Use a single UDP port in the server.
...
Several modifications to use a single UDP port in the server. This
is currently done using a hack, i.e., pass the UDP socket to worker,
close it on the main server and then re-open it (using REUSEADDR).
Also several updates in TUN handling to allow more than one client to connect.
2013-02-07 17:49:51 +01:00
Nikos Mavrogiannopoulos
4370f88001
dropped dependency on gdbm. Cookies are stored in a hash.
2013-02-07 00:57:17 +01:00
Nikos Mavrogiannopoulos
e380053caa
Added explicit logging to UTMP file.
2013-02-06 20:18:53 +01:00
Nikos Mavrogiannopoulos
99824ebd94
corrected DTLS packet handling.
2013-02-05 23:56:28 +01:00
Nikos Mavrogiannopoulos
1e0bcc269d
reorganized headers
2013-02-05 22:11:38 +01:00
Nikos Mavrogiannopoulos
03edf5b5bc
changes to enable VPN functionality.
2013-02-05 21:03:40 +01:00
Nikos Mavrogiannopoulos
7c3900176e
Send X-CSTP-Version and read hostname.
2013-02-05 19:31:57 +01:00
Nikos Mavrogiannopoulos
61ae5a9c06
Added connect and disconnect scripts
2013-02-04 20:43:28 +01:00
Nikos Mavrogiannopoulos
1fb76ce890
Added session resumption to TLS server.
2013-02-03 21:23:29 +01:00
Nikos Mavrogiannopoulos
24cead11d4
Added some primitive mtu handling
2013-02-01 19:58:23 +01:00
Nikos Mavrogiannopoulos
65a3ac4cb4
better name for db_file
2013-02-01 08:16:18 +01:00
Nikos Mavrogiannopoulos
73c36c31f9
master secret doesn't need to be generated by the server
2013-02-01 08:13:11 +01:00
Nikos Mavrogiannopoulos
92b1d573eb
set a maximum number of clients
2013-01-31 22:52:39 +01:00
Nikos Mavrogiannopoulos
6608f7ad7f
Fixed UDP side.
2013-01-31 20:18:29 +01:00
Nikos Mavrogiannopoulos
0a8b951022
several updates and fixes in auth
2013-01-30 21:20:16 +01:00
Nikos Mavrogiannopoulos
25b0617081
better file structure
2013-01-30 19:00:29 +01:00
Nikos Mavrogiannopoulos
0b6fc4c696
Read configuration file
2013-01-30 17:33:17 +01:00
Nikos Mavrogiannopoulos
8c2735d1e1
use autogen for command line options
2013-01-30 01:39:14 +01:00
Nikos Mavrogiannopoulos
18becb9640
better notation
2013-01-29 20:59:15 +01:00
Nikos Mavrogiannopoulos
b24a3bf74b
server_st -> worker_st
2013-01-29 20:19:23 +01:00
Nikos Mavrogiannopoulos
1a0cc31925
Provide client with normal leased IPs.
2013-01-29 20:03:47 +01:00
Nikos Mavrogiannopoulos
bd11f34cc6
use const
2013-01-28 23:38:06 +01:00
Nikos Mavrogiannopoulos
ba3705529e
main server keeps list of client IPs
2013-01-28 23:34:59 +01:00
Nikos Mavrogiannopoulos
8060601a33
updated
2013-01-28 21:48:10 +01:00
Nikos Mavrogiannopoulos
ba72042e03
updated server.
2013-01-28 20:25:47 +01:00
Nikos Mavrogiannopoulos
9f8db00c2e
Allow dropping privileges
2013-01-13 14:28:38 +01:00
Nikos Mavrogiannopoulos
6db0cf229a
preliminary configuration for networks.
2013-01-13 13:31:38 +01:00