ocserv

mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00

Author	SHA1	Message	Date
Nikos Mavrogiannopoulos	7129b7b316	change default ipv6 to link-local	2014-01-30 09:43:18 +01:00
Nikos Mavrogiannopoulos	8a29216228	doc update	2014-01-29 15:13:33 +01:00
Nikos Mavrogiannopoulos	b1af6f2829	enabling cisco-client-compat allows 'stealing' of processes. This change puts a proc_st that its client has terminated to a "zombie" state. That state will allow a client that connects later using the same TLS session ID to reclaim it. That way clients that try to authenticate by sending their credentials in different sessions can still authenticate with ocserv. That however puts more trust to worker processes (as the main process has no way of telling whether a TLS session is certainly resumed).	2014-01-18 15:06:10 +01:00
Nikos Mavrogiannopoulos	7a7a44099d	Added more conservative priority strings.	2014-01-10 10:50:37 +01:00
Nikos Mavrogiannopoulos	9079e2b67a	Added configuration option use-dbus to allow disabling D-BUS usage.	2014-01-09 21:32:24 +01:00
Nikos Mavrogiannopoulos	c6a08db6db	Added support for cgroups	2013-12-10 11:07:08 +01:00
Nikos Mavrogiannopoulos	b21f05df06	Allow setting directly the IP_TOS from net-priority.	2013-12-09 22:59:44 +01:00
Nikos Mavrogiannopoulos	6cb553e9a8	Added the net-priority configuration option. That option allows setting the protocol-defined priority (via SO_PRIORITY) for the UDP and TCP sockets, per user/group or globally.	2013-12-09 14:40:55 +01:00
Nikos Mavrogiannopoulos	e08f70987a	Added the --http-debug option to ocserv to avoid printing full HTTP messages to normal debug mode.	2013-11-16 17:33:50 +01:00
Nikos Mavrogiannopoulos	615e16cc41	count bandwidth in kb/sec to avoid overflows on high bandwidth.	2013-11-05 20:32:23 +01:00
Nikos Mavrogiannopoulos	2f5141b00f	Added directives to allow bandwidth limitation.	2013-11-03 17:06:02 +01:00
Nikos Mavrogiannopoulos	7ac0cfbb14	doc update	2013-10-29 22:05:11 +01:00
Nikos Mavrogiannopoulos	f607b6dad4	doc update	2013-10-29 21:49:39 +01:00
Nikos Mavrogiannopoulos	3c583e3a35	Added the 'iroute' directive to allow routes set on server.	2013-10-29 11:37:57 +01:00
Nikos Mavrogiannopoulos	30f0e93e70	Added the ipv6-prefix configuration option	2013-10-29 10:01:53 +01:00
Nikos Mavrogiannopoulos	00554b2f28	Allow loading additional configuration files per user or per group. The directives currently allowed are: ipv4/6_dns and route.	2013-10-28 11:43:05 +01:00
Nikos Mavrogiannopoulos	988116bbeb	Added config options 'mtu' and 'output-buffer'.	2013-10-20 17:45:51 +02:00
Nikos Mavrogiannopoulos	c6d1e952da	doc update	2013-08-28 21:13:09 +03:00
Nikos Mavrogiannopoulos	2af67c4aff	Added decoder for HTML-encoded and URL-encoded passwords and usernames. This prevents special characters from not being recognized. Reported by P.H.Vos. Also updated gnulib and added c-strncasecmp	2013-07-10 16:09:56 +02:00
Nikos Mavrogiannopoulos	58fcdd0486	use existing files	2013-07-07 21:17:41 +02:00
Nikos Mavrogiannopoulos	c4183d358e	cookie-db no longer exists.	2013-07-01 13:59:30 +02:00
Nikos Mavrogiannopoulos	e7aa89dc96	document way to force PFS	2013-06-27 17:58:48 +02:00
Nikos Mavrogiannopoulos	e91fca55b4	autogen'ed files update	2013-06-26 16:28:52 +02:00
Nikos Mavrogiannopoulos	1521a3caaa	Removed ability to send binary files.	2013-06-07 11:36:34 +02:00
Nikos Mavrogiannopoulos	10246b78c4	Allow downloading raw files from 1/binaries	2013-05-31 17:29:52 +02:00
Nikos Mavrogiannopoulos	96a7f04237	doc update	2013-05-23 16:06:20 +02:00
Nikos Mavrogiannopoulos	30efc0433e	updated example	2013-05-13 22:50:35 +02:00
Nikos Mavrogiannopoulos	e0a7ad9fe6	Added X-CSTP-Default-Domain option.	2013-05-06 10:56:21 +03:00
Nikos Mavrogiannopoulos	dd3571bc99	Updates for cisco's client.	2013-04-29 14:19:59 +03:00
Nikos Mavrogiannopoulos	1baa8d8a6f	disable dh-params by default	2013-03-24 08:42:43 +01:00
Nikos Mavrogiannopoulos	6da505a0a1	added dh-params option into sample file	2013-03-23 09:48:06 +01:00
Nikos Mavrogiannopoulos	a3b4a742bf	Added anyconnect options to sample config	2013-03-17 00:00:25 +01:00
Nikos Mavrogiannopoulos	5a4ce846b7	The TLS private keys are kept into a privileged process. That process is called security-module (sec-mod) and communicates with the workers using a unix domain socket.	2013-03-15 17:47:38 +01:00
Nikos Mavrogiannopoulos	9224a02b77	Updated sample script.	2013-03-13 19:19:45 +01:00
Nikos Mavrogiannopoulos	0c4b013b3f	Added plain password format	2013-03-12 23:40:11 +01:00
Nikos Mavrogiannopoulos	432a2da897	Allow setting a reconnection delay time after a failed authentication attempt (added min-reauth-time option).	2013-03-04 19:42:10 +01:00
Nikos Mavrogiannopoulos	ef18851237	Added option to allow sending a cookie without the corresponding certificate. This option is required for the cisco clients, that do not always use the client certificate. When this option is set to false it means that the cookie itself is sufficient for authentication. This is bad practice of smart cards are in use.	2013-03-01 21:54:49 +01:00
Nikos Mavrogiannopoulos	41e8d020b5	Several updates to handle URLs requested by the cisco client.	2013-03-01 19:52:10 +01:00
Nikos Mavrogiannopoulos	b489e0f912	doc update	2013-02-22 19:35:50 +01:00
Nikos Mavrogiannopoulos	4bfbe6d7bd	updated sample config	2013-02-19 21:40:11 +01:00
Nikos Mavrogiannopoulos	59026fb8f1	Added some kind of path MTU discovery using DPD.	2013-02-15 22:23:35 +01:00
Nikos Mavrogiannopoulos	35ce549e9e	Added missing files	2013-02-12 18:57:06 +01:00

42 Commits