Nikos Mavrogiannopoulos
fe848ad153
replaced use-seccomp by isolate-workers
That, if enabled, includes the Linux namespaces restrictions in workers.
2015-01-15 10:25:23 +01:00
Nikos Mavrogiannopoulos
2f3d520c85
do not enforce PFS on default strings
That allows legacy clients to connect.
2015-01-11 12:22:27 +01:00
Nikos Mavrogiannopoulos
50f2fb88f6
simplify the input of IPv6 networks
The prefix is specified as part of the network.
2014-12-29 20:15:36 +02:00
Nikos Mavrogiannopoulos
80459cfbd5
the default strings will enforce PFS
2014-12-25 10:56:19 +02:00
Nikos Mavrogiannopoulos
113ae94f13
removed unused option
2014-12-14 14:06:03 +01:00
Nikos Mavrogiannopoulos
93125ea945
updated documentation on radius
2014-12-10 11:46:17 +01:00
Nikos Mavrogiannopoulos
320773e80a
Added support for radius interim updates
2014-12-10 11:18:29 +01:00
Nikos Mavrogiannopoulos
766afb591a
Added support for reading user configuration from radius.
2014-12-09 15:38:27 +01:00
Nikos Mavrogiannopoulos
2194e11b39
Added support for radius authentication
2014-12-09 10:59:18 +01:00
Nikos Mavrogiannopoulos
cb9dcde387
Notify the client that the server may have a dynamic DNS address
That is, send "X-CSTP-DynDNS: true" in CSTP headers if the
server is configured as having a dynamic DNS address.
2014-11-30 11:30:08 +01:00
Nikos Mavrogiannopoulos
74aa65bfa0
enhanced sample.config
2014-11-26 17:09:54 +01:00
Nikos Mavrogiannopoulos
0320f61e3f
Disable RC4 in the default priority strings
2014-11-18 22:23:02 +01:00
Nikos Mavrogiannopoulos
2069af24a8
disable SSL 3.0 on the default priorities
2014-10-17 11:01:28 +02:00
Nikos Mavrogiannopoulos
c2856e2ee6
disabled session control by default in sample.config
2014-10-15 07:58:36 +02:00
Nikos Mavrogiannopoulos
3a455f4178
listen-file -> listen-clear-file
2014-09-28 09:06:14 +02:00
Nikos Mavrogiannopoulos
e2585b2f26
unix-conn-file -> listen-file
2014-09-26 08:54:41 +02:00
Nikos Mavrogiannopoulos
4ea5a56ace
Allow the CSTP layer to operate without TLS
That also introduces a unix domain socket under which connections to the
server can occur.
2014-09-23 16:08:29 +02:00
Nikos Mavrogiannopoulos
18cef50ebe
doc update
2014-06-12 15:36:39 +02:00
Nikos Mavrogiannopoulos
021febe5d8
doc update
2014-06-10 15:16:54 +02:00
Nikos Mavrogiannopoulos
7ccdba8234
doc update
2014-05-27 16:04:53 +02:00
Nikos Mavrogiannopoulos
7ba0fffb07
Added the configuration option deny-roaming.
That required moving the read of the group configuration during the
cookie authentication phase.
2014-05-25 10:17:28 +02:00
Nikos Mavrogiannopoulos
78132e2a6d
Added auto group listing on PAM authentication as well.
In addition a configuration option to print group IDs over a
certain number was added.
2014-05-23 16:36:48 +02:00
Nikos Mavrogiannopoulos
d51a7cb7e7
re-use the string replace API for route add/del replacements.
2014-05-23 11:32:07 +02:00
Nikos Mavrogiannopoulos
57d848d228
The replaced keywords were put into brackets.
2014-05-23 11:19:42 +02:00
Nikos Mavrogiannopoulos
51494e0df1
doc update
2014-05-23 11:08:23 +02:00
Nikos Mavrogiannopoulos
2276acf57b
limit the cookie validity time to 3 hours in the configuration examples.
2014-05-22 13:48:09 +02:00
Nikos Mavrogiannopoulos
177c1c95bd
Allow aliases to group names.
2014-05-21 12:25:26 +02:00
Nikos Mavrogiannopoulos
2668fe63b4
Added the default-select-group directive.
2014-05-19 20:00:35 +02:00
Nikos Mavrogiannopoulos
4755ee48c5
Added the select-group and auto-select-group config options.
These options allow prompting the user for a group prior to login.
That in addition enhances the password file format and multiple groups
can be specified in a comma-separated list, as:
user:group1,group2,group3:$5$encodedpassword
2014-05-19 18:25:25 +02:00
Nikos Mavrogiannopoulos
0f0f96ef5c
sample.config: comment out the occtl-socket-file.
2014-05-17 08:47:27 +02:00
Nikos Mavrogiannopoulos
788560b9ce
Added default-user-config and default-group-config configuration options.
These allow setting a configuration file that will be loaded if a
user-specific or group-specific configuration file isn't found.
2014-05-14 13:27:51 +02:00
Nikos Mavrogiannopoulos
9434334918
updated sample.config
2014-05-11 14:23:43 +02:00
Nikos Mavrogiannopoulos
593ce2c9fa
sample config update
2014-05-04 11:13:44 +02:00
Nikos Mavrogiannopoulos
8e73f98502
changed the default DPD time to 90 seconds, to prevent UDP port from changing in several NATs.
2014-04-19 08:30:10 +02:00
Nikos Mavrogiannopoulos
35c46d05c5
Do not set the output-buffer in the default configuration.
2014-03-25 11:25:42 +01:00
Nikos Mavrogiannopoulos
de1f63605b
updated sample
2014-02-22 12:54:40 +01:00
Nikos Mavrogiannopoulos
faf0a7133b
doc update
2014-02-17 22:22:07 +01:00
Nikos Mavrogiannopoulos
6d8841cae7
sample.conf update
2014-02-12 11:05:14 +01:00
Nikos Mavrogiannopoulos
5bf791bdfa
doc update
2014-02-01 19:03:33 +01:00
Nikos Mavrogiannopoulos
0ec67882c0
Added support for multiple DNS and NBNS servers.
This patch also combines ipv4-dns and ipv6-dns options
that are now handled as aliases to dns.
A side-effect of this patch is that the local keyword is no
longer supported.
2014-02-01 14:50:52 +01:00
Nikos Mavrogiannopoulos
7129b7b316
change default ipv6 to link-local
2014-01-30 09:43:18 +01:00
Nikos Mavrogiannopoulos
8a29216228
doc update
2014-01-29 15:13:33 +01:00
Nikos Mavrogiannopoulos
b1af6f2829
enabling cisco-client-compat allows 'stealing' of processes.
This change puts a proc_st whose client has terminated into a "zombie"
state. That state will allow a client that connects later using the
same TLS session ID to reclaim it. That way clients that try to authenticate
by sending their credentials in different sessions can still authenticate with
ocserv. That, however, puts more trust in worker processes (as the main
process has no way of telling whether a TLS session is certainly
resumed).
2014-01-18 15:06:10 +01:00
Nikos Mavrogiannopoulos
7a7a44099d
Added more conservative priority strings.
2014-01-10 10:50:37 +01:00
Nikos Mavrogiannopoulos
9079e2b67a
Added configuration option use-dbus to allow disabling D-BUS usage.
2014-01-09 21:32:24 +01:00
Nikos Mavrogiannopoulos
c6a08db6db
Added support for cgroups
2013-12-10 11:07:08 +01:00
Nikos Mavrogiannopoulos
b21f05df06
Allow setting directly the IP_TOS from net-priority.
2013-12-09 22:59:44 +01:00
Nikos Mavrogiannopoulos
6cb553e9a8
Added the net-priority configuration option.
That option allows setting the protocol-defined priority (via SO_PRIORITY)
for the UDP and TCP sockets, per user/group or globally.
2013-12-09 14:40:55 +01:00
Nikos Mavrogiannopoulos
e08f70987a
Added the --http-debug option to ocserv to avoid printing full HTTP messages to normal debug mode.
2013-11-16 17:33:50 +01:00
Nikos Mavrogiannopoulos
615e16cc41
count bandwidth in kb/sec to avoid overflows on high bandwidth.
2013-11-05 20:32:23 +01:00