Nikos Mavrogiannopoulos
7129b7b316
change default ipv6 to link-local
2014-01-30 09:43:18 +01:00
Nikos Mavrogiannopoulos
8a29216228
doc update
2014-01-29 15:13:33 +01:00
Thomas Glanzmann
885f394f95
Allow Remote Desktop Users to establish AnyConnect connections
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com >
2014-01-29 13:58:28 +01:00
Nikos Mavrogiannopoulos
41e8a949b3
only install DBUS and systemd files if they don't exist.
2014-01-28 18:04:38 +01:00
Nikos Mavrogiannopoulos
ec10295d9c
Added two versions of systemd socket files, a standalone and a socket activate.
...
From the standalone is installed by default.
2014-01-28 18:01:31 +01:00
Nikos Mavrogiannopoulos
22dfa568a0
No need to install the dbus service file.
2014-01-28 17:56:37 +01:00
Nikos Mavrogiannopoulos
b1af6f2829
enabling cisco-client-compat allows 'stealing' of processes.
...
This change puts a proc_st that its client has terminated to a "zombie"
state. That state will allow a client that connects later using the
same TLS session ID to reclaim it. That way clients that try to authenticate
by sending their credentials in different sessions can still authenticate with
ocserv. That however puts more trust to worker processes (as the main
process has no way of telling whether a TLS session is certainly
resumed).
2014-01-18 15:06:10 +01:00
Nikos Mavrogiannopoulos
4d09a8612d
systemd file installation is optional
2014-01-11 14:49:27 +01:00
Nikos Mavrogiannopoulos
0eef3bd5be
Added occtl.8
2014-01-11 13:27:53 +01:00
Nikos Mavrogiannopoulos
7a7a44099d
Added more conservative priority strings.
2014-01-10 10:50:37 +01:00
Nikos Mavrogiannopoulos
9079e2b67a
Added configuration option use-dbus to allow disabling D-BUS usage.
2014-01-09 21:32:24 +01:00
Nikos Mavrogiannopoulos
8485b727d5
install D-BUS and systemd files.
2014-01-08 16:47:30 +01:00
Nikos Mavrogiannopoulos
1d697285e8
Added example systemd socket and service files.
2014-01-06 12:43:23 +01:00
Nikos Mavrogiannopoulos
c6a08db6db
Added support for cgroups
2013-12-10 11:07:08 +01:00
Nikos Mavrogiannopoulos
b21f05df06
Allow setting directly the IP_TOS from net-priority.
2013-12-09 22:59:44 +01:00
Nikos Mavrogiannopoulos
6cb553e9a8
Added the net-priority configuration option.
...
That option allows setting the protocol-defined priority (via SO_PRIORITY)
for the UDP and TCP sockets, per user/group or globally.
2013-12-09 14:40:55 +01:00
Nikos Mavrogiannopoulos
e08f70987a
Added the --http-debug option to ocserv to avoid printing full HTTP messages to normal debug mode.
2013-11-16 17:33:50 +01:00
Nikos Mavrogiannopoulos
504737b378
remove usage of wondershaper
2013-11-09 09:57:17 +01:00
Nikos Mavrogiannopoulos
615e16cc41
count bandwidth in kb/sec to avoid overflows on high bandwidth.
2013-11-05 20:32:23 +01:00
Nikos Mavrogiannopoulos
2f5141b00f
Added directives to allow bandwidth limitation.
2013-11-03 17:06:02 +01:00
Nikos Mavrogiannopoulos
7ac0cfbb14
doc update
2013-10-29 22:05:11 +01:00
Nikos Mavrogiannopoulos
f607b6dad4
doc update
2013-10-29 21:49:39 +01:00
Nikos Mavrogiannopoulos
3c583e3a35
Added the 'iroute' directive to allow routes set on server.
2013-10-29 11:37:57 +01:00
Nikos Mavrogiannopoulos
30f0e93e70
Added the ipv6-prefix configuration option
2013-10-29 10:01:53 +01:00
Nikos Mavrogiannopoulos
00554b2f28
Allow loading additional configuration files per user or per group.
...
The directives currently allowed are: ipv4/6_dns and route.
2013-10-28 11:43:05 +01:00
Nikos Mavrogiannopoulos
988116bbeb
Added config options 'mtu' and 'output-buffer'.
2013-10-20 17:45:51 +02:00
Nikos Mavrogiannopoulos
c6d1e952da
doc update
2013-08-28 21:13:09 +03:00
Mike Miller
9d4bea82dd
Add autogen search path to work when building out of the source tree
2013-07-23 21:34:13 +02:00
Nikos Mavrogiannopoulos
2af67c4aff
Added decoder for HTML-encoded and URL-encoded passwords and usernames.
...
This prevents special characters from not being recognized. Reported by P.H.Vos.
Also updated gnulib and added c-strncasecmp
2013-07-10 16:09:56 +02:00
Nikos Mavrogiannopoulos
58fcdd0486
use existing files
2013-07-07 21:17:41 +02:00
Nikos Mavrogiannopoulos
c4183d358e
cookie-db no longer exists.
2013-07-01 13:59:30 +02:00
Nikos Mavrogiannopoulos
e7aa89dc96
document way to force PFS
2013-06-27 17:58:48 +02:00
Nikos Mavrogiannopoulos
e91fca55b4
autogen'ed files update
2013-06-26 16:28:52 +02:00
Nikos Mavrogiannopoulos
1521a3caaa
Removed ability to send binary files.
2013-06-07 11:36:34 +02:00
Nikos Mavrogiannopoulos
10246b78c4
Allow downloading raw files from 1/binaries
2013-05-31 17:29:52 +02:00
Nikos Mavrogiannopoulos
96a7f04237
doc update
2013-05-23 16:06:20 +02:00
Nikos Mavrogiannopoulos
30efc0433e
updated example
2013-05-13 22:50:35 +02:00
Nikos Mavrogiannopoulos
bc30d9b20f
design update
2013-05-06 12:11:44 +03:00
Nikos Mavrogiannopoulos
e0a7ad9fe6
Added X-CSTP-Default-Domain option.
2013-05-06 10:56:21 +03:00
Nikos Mavrogiannopoulos
dd3571bc99
Updates for cisco's client.
2013-04-29 14:19:59 +03:00
Nikos Mavrogiannopoulos
09b34ee745
make ocpasswd manpage
2013-04-28 15:33:46 +03:00
Nikos Mavrogiannopoulos
1baa8d8a6f
disable dh-params by default
2013-03-24 08:42:43 +01:00
Nikos Mavrogiannopoulos
6da505a0a1
added dh-params option into sample file
2013-03-23 09:48:06 +01:00
Nikos Mavrogiannopoulos
a3b4a742bf
Added anyconnect options to sample config
2013-03-17 00:00:25 +01:00
Nikos Mavrogiannopoulos
5a4ce846b7
The TLS private keys are kept into a privileged process.
...
That process is called security-module (sec-mod) and communicates
with the workers using a unix domain socket.
2013-03-15 17:47:38 +01:00
Nikos Mavrogiannopoulos
9224a02b77
Updated sample script.
2013-03-13 19:19:45 +01:00
Nikos Mavrogiannopoulos
0c4b013b3f
Added plain password format
2013-03-12 23:40:11 +01:00
Nikos Mavrogiannopoulos
979729e8a3
manual page moved to section 8
2013-03-07 10:45:36 +01:00
Nikos Mavrogiannopoulos
432a2da897
Allow setting a reconnection delay time after a failed authentication attempt (added min-reauth-time option).
2013-03-04 19:42:10 +01:00
Nikos Mavrogiannopoulos
ce3bf1c22a
corrected typo
2013-03-04 18:44:56 +01:00
