# User authentication method. Could be set multiple times and in that case
# all should succeed.
--# Options: certificate, pam.
++# Options: certificate, pam.
#auth = "certificate"
- auth = "plain[@abs_top_srcdir@/tests/configs/test1.passwd]"
+ auth = "plain[@SRCDIR@/configs/test1.passwd]"
#auth = "pam"
# A banner to be displayed on clients
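Review bot: The new `auth = "plain[@SRCDIR@/configs/test1.passwd]"` line depends on a `@SRCDIR@` token that nothing visible here defines, whereas the replaced `@abs_top_srcdir@` was, by its name, an absolute path. If whatever substitutes `@SRCDIR@` yields a relative directory, the password-file lookup would presumably depend on the server's working directory. Confirm it expands to an absolute path and record that above the line, e.g. `# @SRCDIR@ is replaced by the test harness with the absolute tests directory`. The options comment rewritten in this hunk still lists only `certificate, pam` although the active method is `plain`; `# Options: certificate, pam, plain[passwd-file].` would match what the file configures. No hunk header is visible on this page, so the hunk may begin above the first line shown.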
#max-clients = 1024
max-clients = 16
--# Limit the number of client connections to one every X milliseconds
++# Limit the number of client connections to one every X milliseconds
# (X is the provided value). Set to zero for no limit.
rate-limit-ms = 0
try-mtu-discovery = false
# The key and the certificates of the server
--# The key may be a file, or any URL supported by GnuTLS (e.g.,
++# The key may be a file, or any URL supported by GnuTLS (e.g.,
# tpmkey:uuid=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx;storage=user
# or pkcs11:object=my-vpn-key;object-type=private)
#
# The object identifier that will be used to read the user ID in the client certificate.
# The object identifier should be part of the certificate's DN
--# Useful OIDs are:
++# Useful OIDs are:
# CN = 2.5.4.3, UID = 0.9.2342.19200300.100.1.1
cert-user-oid = 0.9.2342.19200300.100.1.1
--# The object identifier that will be used to read the user group in the client
++# The object identifier that will be used to read the user group in the client
# certificate. The object identifier should be part of the certificate's DN
--# Useful OIDs are:
--# OU (organizational unit) = 2.5.4.11
++# Useful OIDs are:
++# OU (organizational unit) = 2.5.4.11
#cert-group-oid = 2.5.4.11
# A revocation list of ca-cert is set
# to authentication
auth-timeout = 40
--# The time (in seconds) that a client is not allowed to reconnect after
++# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
--# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
++# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
# in the P-t-P connection), IP_REMOTE (the VPN IP of the client). REASON
# may be "connect" or "disconnect".
# The NBNS server (if any)
#ipv4-nbns = 192.168.2.3
--#ipv6-address =
--#ipv6-mask =
--#ipv6-dns =
++#ipv6-address =
++#ipv6-mask =
++#ipv6-dns =
# Prior to leasing any IP from the pool ping it to verify that
# it is not in use by another (unrelated to this server) host.
ping-leases = false
# Leave empty to assign the default MTU of the device
--# mtu =
++# mtu =
route = 192.168.1.0/255.255.255.0
#route = 192.168.5.0/255.255.255.0
#
--# The following options are for (experimental) AnyConnect client
--# compatibility. They are only available if the server is built
++# The following options are for (experimental) AnyConnect client
++# compatibility. They are only available if the server is built
# with --enable-anyconnect
#
# Client profile xml. A sample file exists in doc/profile.xml.
--# This file must be accessible from inside the worker's chroot.
++# This file must be accessible from inside the worker's chroot.
# The profile is ignored by the openconnect client.
#user-profile = profile.xml
# cookie. Legacy CISCO clients do not do that, and thus this option
# should be set for them.
cisco-client-compat = true
--