Commit Graph

2803 Commits

Author SHA1 Message Date
Lele Long
ae11fced53 Update --load-ca-certificate argument to ca-cert.pem in examples
Signed-off-by: Lele Long <schemacs@gmail.com>
2017-06-16 18:49:28 +08:00
Nikos Mavrogiannopoulos
ae3e52c252 .gitlab-ci.yml: disabled freebsd builds; system no longer available [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-06-14 15:58:08 +02:00
Nikos Mavrogiannopoulos
6ac543e3a0 document that not all methods can be combined
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-05-31 09:34:23 +02:00
Nikos Mavrogiannopoulos
89ba65922a Avoid the use of the VERS-ALL priority string when gnutls < 3.3.24 is present
That priority string is only available on gnutls 3.3.24+ versions of gnutls.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-05-18 08:27:02 +02:00
Nikos Mavrogiannopoulos
954774d43e doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
ocserv_0_11_8
2017-05-03 02:34:43 +02:00
Nikos Mavrogiannopoulos
48f59f1b94 .gitlab-ci.yml: compile using GeoIP-devel in F25/Centos7
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-05-03 00:15:46 +02:00
Nikos Mavrogiannopoulos
a332788bd4 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-05-03 00:13:30 +02:00
Nikos Mavrogiannopoulos
f0969ffd3f configure: allow disabling libgeoip detection
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-05-03 00:12:26 +02:00
Nikos Mavrogiannopoulos
1c236a8abb occtl: print peer location on show user info
That utilizes libgeoip.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-05-02 13:45:38 +02:00
Nikos Mavrogiannopoulos
2664d1c42c occtl: print Status grouped with general info
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-05-02 07:10:29 +02:00
Nikos Mavrogiannopoulos
abd621b30c kkdcp: increased read timeout and made it a definition
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-04-29 13:01:35 +02:00
Nikos Mavrogiannopoulos
373af80d60 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-04-28 17:20:29 +02:00
Nikos Mavrogiannopoulos
02471bd0cb kkdcp: increase maximum packet size to 64kb
There are cases where our previous limit (16kb) was insufficient
(see #100), and it is reasonable to switch to a limit related to
maximum UDP packet size.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-04-28 17:20:29 +02:00
Nikos Mavrogiannopoulos
9dae1ecedc doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-27 09:06:28 +02:00
Nikos Mavrogiannopoulos
0b9ce68c17 handle_worker_commands: fix use of send_msg_to_worker
Relates #100

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-27 08:57:09 +02:00
Nikos Mavrogiannopoulos
f932e61e46 updated auto-generated files [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-25 19:05:48 +02:00
Nikos Mavrogiannopoulos
1627f09cc9 configure: bumped version
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-25 19:01:32 +02:00
Nikos Mavrogiannopoulos
5c20ad2c61 occtl: combined stats and status cmd
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-24 19:35:38 +02:00
Nikos Mavrogiannopoulos
03c81b190a doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-23 19:09:39 +02:00
Nikos Mavrogiannopoulos
0d8ee5e6a9 config: increased the default max-ban-score to 8 wrong password attempts
This still prevents abuse, while allowing a few more attempts than 5, which
are typically easily reached through software which remembers passwords.
At the same time increase the default ban time to 20 minutes.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-23 19:09:39 +02:00
Nikos Mavrogiannopoulos
53fe6218e6 occtl: always print the stats reset time
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-19 19:57:30 +02:00
Nikos Mavrogiannopoulos
5e7f416e72 doc update [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 17:24:23 +03:00
Nikos Mavrogiannopoulos
c99ca67354 reset_stats: print session statistics prior to reset
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 17:02:28 +03:00
Nikos Mavrogiannopoulos
e135f8a54e doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
e8b19309f1 sample.config: added server-stats-reset-time
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
ccb80b5d4f occtl: improved presentation of printed statistics
Also added different values to keep authentication failures
and closed sessions, in total and per accounting period.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
99b2fdcd06 Reset periodically the server statistics kept
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
d6ff620487 secmod sends periodically stats to main
That ensures that statistics will reach main even if no
users are logged in/logged out.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
538d1bca21 occtl: print statistics provided by main
Also introduced the --debug option.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
e9cf88f8c2 main: store additional statistics globally
That is, store:
 * number of timed out sessions
 * number of timed out due to being idle sessions
 * number of errored sessions
 * total number of sessions handled (closed)
 * total number of kbytes sent
 * total number of kbytes received
 * minimum MTU seen
 * maximum MTU seen
 * total authentication failures
 * average/max authentication time (in secs)
 * average/max session time (in minutes)

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
81d2a86eff tun: defined undeclared variable 'e'
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 16:27:02 +03:00
Nikos Mavrogiannopoulos
6e433a3bc5 update fedora build to F25
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 12:12:51 +03:00
Nikos Mavrogiannopoulos
1ac9c5bc49 .gitlab-ci.yml: explicitly install make in Centos/Fedora
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 12:12:26 +03:00
Nikos Mavrogiannopoulos
b2e199577d doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 11:36:42 +03:00
Nikos Mavrogiannopoulos
cf74746fb7 tun: be more verbose in bsd tun device creation errors
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-03-30 12:06:43 +02:00
Nikos Mavrogiannopoulos
37f8ebc8c9 tests: added unit test for proxy protocol v1
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-28 08:15:35 +02:00
Nikos Mavrogiannopoulos
0c18e122e6 tests: added check for proxy protocol v1
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-28 08:11:53 +02:00
Nikos Mavrogiannopoulos
18fa25fea2 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-28 08:08:49 +02:00
Nikos Mavrogiannopoulos
a45f358af3 worker: added support for proxy protocol v1
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-28 08:08:45 +02:00
Nikos Mavrogiannopoulos
fa3dad2e37 doc: document limitations of listen-clear-file
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-25 19:55:46 +01:00
Nikos Mavrogiannopoulos
de0823f01e worker-proxyproto: improved error message
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-24 20:07:49 +01:00
Nikos Mavrogiannopoulos
83bea71e38 tests: added unit test for cstp_recv_nb()
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-24 20:07:47 +01:00
Nikos Mavrogiannopoulos
0792d7a135 cstp_recv_nb: improve operation under receiving from UNIX socket
That is, ensure that all possible packet size combinations are
correctly received.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-24 19:07:51 +01:00
Nikos Mavrogiannopoulos
50c551b56e tests: kerberos tests use F25
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-03-23 09:33:14 +01:00
Nikos Mavrogiannopoulos
8e66136a1b tests: test-user-config: fixed check for 401 error
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-03-23 09:28:43 +01:00
Nikos Mavrogiannopoulos
e8a07e402e Revert "cstp_recv_nb: improve operation under receiving from UNIX socket"
This reverts commit 409f114d9e.
2017-03-23 09:06:40 +01:00
Nikos Mavrogiannopoulos
fa00c52809 doc update
2017-03-20 09:28:01 +01:00
Nikos Mavrogiannopoulos
9938056f6c Disable DTLS-PSK protocol when run under a unix socket
It is not possible to derive PSK keys when only the TCP CSTP session
is available, without the TLS session.

Relates #22

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-03-20 09:27:46 +01:00
Nikos Mavrogiannopoulos
409f114d9e cstp_recv_nb: improve operation under receiving from UNIX socket
That is, ensure that all possible packet size combinations are
correctly received.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-20 08:20:40 +01:00
Nikos Mavrogiannopoulos
aa28f0b9d2 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-03-11 21:27:32 +01:00