From b613dcdf60967f5113d0a284ee13fe0e5c8e4eb1 Mon Sep 17 00:00:00 2001 From: Toyo Date: Sat, 27 May 2017 12:28:18 +0800 Subject: [PATCH] Add files via upload --- other/ocserv.conf | 58 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 other/ocserv.conf diff --git a/other/ocserv.conf b/other/ocserv.conf new file mode 100644 index 0000000..b56e652 --- /dev/null +++ b/other/ocserv.conf @@ -0,0 +1,58 @@ +auth = "plain[passwd=/etc/ocserv/ocpasswd]" +# listen-host = [IP|HOSTNAME] +tcp-port = 443 +udp-port = 443 +run-as-user = nobody +run-as-group = daemon +socket-file = /var/run/ocserv-socket +server-cert = /etc/ocserv/ssl/server-cert.pem +server-key = /etc/ocserv/ssl/server-key.pem +ca-cert = /etc/ocserv/ssl/ca-cert.pem +isolate-workers = true +banner = "Welcome Doub.io" +max-clients = 16 +max-same-clients = 2 +server-stats-reset-time = 604800 +keepalive = 32400 +dpd = 90 +mobile-dpd = 1800 +switch-to-tcp-timeout = 25 +try-mtu-discovery = true +tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0" +auth-timeout = 240 +min-reauth-time = 300 +max-ban-score = 80 +ban-reset-time = 1200 +cookie-timeout = 300 +deny-roaming = false +rekey-time = 172800 +rekey-method = ssl +use-occtl = true +pid-file = /var/run/ocserv.pid +device = vpns +predictable-ips = true +default-domain = example.com + +ipv4-network = 192.168.1.0 +ipv4-netmask = 255.255.255.0 +# An alternative way of specifying the network: +#ipv4-network = 192.168.1.0/24 +# The IPv6 subnet that leases will be given from. +#ipv6-network = fda9:4efe:7e3b:03ea::/48 +# Specify the size of the network to provide to clients. It is +# generally recommended to provide clients with a /64 network in +# IPv6, but any subnet may be specified. To provide clients only +# with a single IP use the prefix 128. +#ipv6-subnet-prefix = 128 +#ipv6-subnet-prefix = 64 +tunnel-all-dns = true +dns = 8.8.8.8 +dns = 8.8.4.4 +ping-leases = false +# route = 10.10.10.0/255.255.255.0 +# route = 192.168.0.0/255.255.0.0 +# route = fef4:db8:1000:1001::/64 +# route = default +# no-route = 192.168.5.0/255.255.255.0 +cisco-client-compat = true +dtls-legacy = true \ No newline at end of file