Configuration content to start an OCServ server.
For a full configuration reference,please refer to the online documentation (https://ocserv.gitlab.io/www/manual.html), the openconnect recipes (https://github.com/openconnect/recipes) or man ocserv.
Declarations
Type
strings concatenated with "\n"Example
''
# configuration examples from $out/doc without explanatory comments.
# for a full reference please look at the installed man pages.
auth = "plain[passwd=./sample.passwd]"
tcp-port = 443
udp-port = 443
run-as-user = nobody
run-as-group = nogroup
socket-file = /run/ocserv-socket
server-cert = certs/server-cert.pem
server-key = certs/server-key.pem
keepalive = 32400
dpd = 90
mobile-dpd = 1800
switch-to-tcp-timeout = 25
try-mtu-discovery = false
cert-user-oid = 0.9.2342.19200300.100.1.1
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"
auth-timeout = 240
min-reauth-time = 300
max-ban-score = 80
ban-reset-time = 1200
cookie-timeout = 300
deny-roaming = false
rekey-time = 172800
rekey-method = ssl
use-occtl = true
pid-file = /run/ocserv.pid
device = vpns
predictable-ips = true
default-domain = example.com
ipv4-network = 192.168.1.0
ipv4-netmask = 255.255.255.0
dns = 192.168.1.2
ping-leases = false
route = 10.10.10.0/255.255.255.0
route = 192.168.0.0/255.255.0.0
no-route = 192.168.5.0/255.255.255.0
cisco-client-compat = true
dtls-legacy = true
[vhost:www.example.com]
auth = "certificate"
ca-cert = certs/ca.pem
server-cert = certs/server-cert-secp521r1.pem
server-key = cersts/certs/server-key-secp521r1.pem
ipv4-network = 192.168.2.0
ipv4-netmask = 255.255.255.0
cert-user-oid = 0.9.2342.19200300.100.1.1
''