GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,463 Commits 19 Branches 88 Tags
aa6bd829d4943e825874f6591a1752f57e2c516c
Commit Graph

158 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
aa6bd829d4 increased the default cookie rekey time to 3 days 2016-02-21 12:43:20 +01:00
Nikos Mavrogiannopoulos
b130bd9214 config: increased the default auth-timeout value to 4mins 
This provides slow users more time to enter their username,
password.
 2016-02-13 14:49:08 +01:00
Nikos Mavrogiannopoulos
89f02bad02 config: put kkdcp options into brackets 
That is not necessary for the existing examples, but may be
in future ones, as they may contain characters that libopts doesn't
like.
 2016-02-08 19:27:39 +01:00
Nikos Mavrogiannopoulos
b6df22c8c3 Reload the certificates and private keys on SIGHUP 
Until now this part of the configuration was static, but
there is the need to reload certificates and keys, e.g., on
renewal.
 2016-01-26 12:51:05 +01:00
Nikos Mavrogiannopoulos
c61e5eb47b doc: document that ocserv-fw requiring options are available in Linux systems only 2016-01-25 11:16:06 +01:00
Nikos Mavrogiannopoulos
d0fc4ce92b doc: added more info on isolate-workers 2016-01-20 13:12:37 +01:00
Nikos Mavrogiannopoulos
3b0342c678 doc update 2015-12-08 14:35:30 +01:00
Nikos Mavrogiannopoulos
14d19b3e9a Enhanced configuration option 'restrict-user-to-ports' 
This enhancement allows to negate the rules and allow the user connecting
to all ports except the specified.
 2015-12-07 11:15:56 +01:00
Nikos Mavrogiannopoulos
d910c8952b doc: list 'route=default' as an example 2015-12-02 10:41:16 +01:00
Nikos Mavrogiannopoulos
eabfbe8473 Added configuration option 'restrict-user-to-ports' 
This option is intended to allow restricting users to accessing
specific ports once they enter the VPN. The rules set using this
option will be enforced by the ocserv-fw script.
 2015-12-02 10:38:12 +01:00
Nikos Mavrogiannopoulos
53376c96a2 doc: document the behavior of restrict-user-to-routes in case of defaultroute 2015-11-29 20:24:32 +01:00
Nikos Mavrogiannopoulos
f86fb99b50 doc update 2015-11-24 00:29:31 +01:00
Nikos Mavrogiannopoulos
c7fe48f372 scripts: export the routes,no-routes and dns servers 2015-11-23 10:53:43 +01:00
Nikos Mavrogiannopoulos
8d03519fb2 doc update 2015-11-17 11:02:26 +01:00
Nikos Mavrogiannopoulos
2473633b8d Added cookie key rotation 2015-11-17 08:33:38 +01:00
Nikos Mavrogiannopoulos
65004a55df Added configuration option tunnel-all-dns 2015-11-10 13:50:03 +01:00
Nikos Mavrogiannopoulos
0b8f4beb8b Added user-specific configuration options dpd, mobile-dpd, keepalive, max-same-clients 2015-11-10 13:49:13 +01:00
Nikos Mavrogiannopoulos
d72424b9c0 doc update 2015-10-30 14:40:49 +01:00
Nikos Mavrogiannopoulos
5a10283125 Added the config option expose-iroutes 
This allows the server to advertise routes offered by few clients
to all clients except the ones offering them.
 2015-10-25 22:43:54 +01:00
Nikos Mavrogiannopoulos
40bd1550c1 ipv6: introduced ipv6-subnet-prefix config option 
That option allows to specify the IPv6 subnet prefix to be given
to client. That is, allow providing the clients networks larger
than /128. Set the option to 128 to simulate the previous behavior
of ocserv.
 2015-10-24 19:26:48 +02:00
Nikos Mavrogiannopoulos
e5d02eb228 plain auth: support OTP authentication using usersfile 
That adds a dependency on liboath.
 2015-09-25 15:03:38 +02:00
Nikos Mavrogiannopoulos
568d6fa767 mention the possibility of proxy arp 2015-09-24 09:52:18 +02:00
Nikos Mavrogiannopoulos
0461787fcc doc update 2015-09-18 16:45:53 +02:00
Nikos Mavrogiannopoulos
1bfa6e7648 Reinstated the PAM accounting method 
It can be used to check for a valid PAM account, even when
certificates or another authentication method is in use.
 2015-09-18 16:45:32 +02:00
Nikos Mavrogiannopoulos
f2caadbe83 updated documentation for CRL reload 2015-09-14 17:59:58 +02:00
Nikos Mavrogiannopoulos
edba5fc23e removed pam accounting method from config file 
Reported by Stuart Henderson.
 2015-09-05 00:16:06 +02:00
Nikos Mavrogiannopoulos
1c64073cf2 pam: removed accounting; it served no purpose 
In fact it could even cause issues in the security-module
depending on what was configured in PAM.
 2015-08-31 16:19:48 +02:00
Nikos Mavrogiannopoulos
17e71dccd8 Added support for proxy protocol (v2) 2015-07-15 13:03:58 +02:00
Nikos Mavrogiannopoulos
3f48b31a9e use quotes in all examples to avoid issues in modifications 2015-06-29 15:33:16 +02:00
Nikos Mavrogiannopoulos
8b186fb53a Allow specifying a PIN and SRK PIN in the config file 
That pin will be used to decrypt encrypted key files as well.
 2015-06-25 14:12:57 +02:00
Nikos Mavrogiannopoulos
f954983f7a sample.config: bring in par with ocserv-args.def 2015-05-23 11:16:43 +02:00
Nikos Mavrogiannopoulos
9c0ebd3c81 document the fact that some clients fail if rekey is disabled 2015-05-23 11:15:07 +02:00
Nikos Mavrogiannopoulos
45d380ccd9 corrected typos in IPV6 env variable 2015-05-11 14:26:10 +02:00
Nikos Mavrogiannopoulos
8b32d185c6 doc update 2015-05-06 20:43:04 +02:00
Nikos Mavrogiannopoulos
f89525ff94 added config option 'persistent-cookies' 
When it is set, it doesn't invalidate cookies after
user disconnection.
 2015-05-06 20:41:42 +02:00
Nikos Mavrogiannopoulos
df4425a7d2 radius: consider Acct-Interim-Interval by default 
That can also be overriden by specifying 'override-interim-updates=true'
in the radius subconfig.
 2015-05-05 11:24:34 +02:00
Nikos Mavrogiannopoulos
70eca474c4 doc: use the "proper" URL for kdcproxy 2015-05-04 10:55:02 +02:00
Nikos Mavrogiannopoulos
ddfa37cf4a increased the tgt-freshness-time in examples 2015-04-29 17:36:14 +02:00
Nikos Mavrogiannopoulos
e54f6e2ac2 Added config option 'tgt-freshness-time' for GSSAPI 
This allows to set the maximum number of seconds a TGT ticket will
be valid for logging in the VPN. That can be used to prevent
a valid for a day TGT ticket from being used to login to VPN, and
addresses the use-case of where a laptop with a valid TGT ticket is
stolen.
 2015-04-29 10:41:27 +02:00
Nikos Mavrogiannopoulos
a588010c41 doc update 2015-04-23 10:28:21 +02:00
Nikos Mavrogiannopoulos
b27ff28971 updated sample.config 2015-03-04 10:28:15 +01:00
Nikos Mavrogiannopoulos
642edaae59 doc update: mention that banning cannot be combined with listen-clear-file 2015-03-03 15:37:58 +01:00
Nikos Mavrogiannopoulos
b4347e4971 updated documentation with options that will be read in reload 2015-03-03 11:44:51 +01:00
Nikos Mavrogiannopoulos
81b6b6bd3c doc update 2015-03-03 11:26:44 +01:00
Nikos Mavrogiannopoulos
b732a6e91e doc update 2015-03-03 11:19:30 +01:00
Nikos Mavrogiannopoulos
f33b7f9559 doc update 2015-03-03 11:06:54 +01:00
Nikos Mavrogiannopoulos
445ea63783 made the ban points configurable 2015-02-26 11:23:06 +01:00
Nikos Mavrogiannopoulos
7619895a25 removed server-name config option 2015-02-26 11:00:07 +01:00
Nikos Mavrogiannopoulos
c9efcae416 doc update 2015-02-26 09:24:24 +01:00
Nikos Mavrogiannopoulos
0aa2c86f08 Added points in KKDCP connections to prevent DoS attacks. 2015-02-25 14:31:21 +01:00