From 100c73194f53f0c62537dc8c1023baa5557357c6 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Mon, 26 May 2014 13:06:37 +0200
Subject: [PATCH] new upstream release
---
 .gitignore | 2 ++
 ocserv.conf | 44 +++++++++++++++++++++++++++++++++++++++-----
 ocserv.spec | 10 ++++++++--
 sources | 3 ++-
 4 files changed, 51 insertions(+), 8 deletions(-)
diff --git a/.gitignore b/.gitignore
index ba9312a..26820b3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,5 @@
 /ocserv-0.3.3.tar.xz
 /ocserv-0.3.4.tar.xz
 /ocserv-0.3.5.tar.xz
+/ocserv-0.8.0pre0.tar.xz
+/ocserv-0.8.0pre0.tar.xz.sig
diff --git a/ocserv.conf b/ocserv.conf
index 0e638e5..b87ba46 100644
--- a/ocserv.conf
+++ b/ocserv.conf
@@ -5,6 +5,10 @@
 #auth = "plain[./sample.passwd]"
 auth = "pam"
+# The gid-min option is used by auto-select-group option, in order to
+# select the minimum group ID.
+#auth = "pam[gid-min=1000]"
+
 # The plain option requires specifying a password file which contains
 # entries of the following format.
 # "username:groupname:encoded-password"
@@ -128,7 +132,7 @@ auth-timeout = 40
 # Once a client is authenticated he's provided a cookie with
 # which he can reconnect. This option sets the maximum lifetime
 # of that cookie.
-cookie-validity = 86400
+cookie-validity = 10800
 # ReKey time (in seconds)
 # ocserv will ask the client to refresh keys periodically once
@@ -156,10 +160,13 @@ rekey-method = ssl
 # UTMP
 use-utmp = true
-# D-BUS usage. If disabled occtl tool cannot be used. If enabled
-# then ocserv must have access to register org.infradead.ocserv
-# D-BUS service. See doc/dbus/org.infradead.ocserv.conf
-use-dbus = true
+# Whether to enable support for the occtl tool (i.e., either through D-BUS,
+# or via a unix socket).
+use-occtl = true
+
+# socket file used for IPC with occtl. You only need to set that,
+# if you use more than a single servers.
+#occtl-socket-file = /var/run/occtl.socket
 # PID file. It can be overriden in the command line.
 #pid-file = /var/run/ocserv.pid
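Review bot: In the `@@ -156,10 +160,13 @@` hunk of ocserv.conf, the comment added for `occtl-socket-file` does not say that access to this socket is what gates control of the server. This patch also drops the D-Bus build dependency in ocserv.spec, so occtl presumably reaches the server through the unix socket alone, and protection then rests on the socket file's owner and mode instead of a D-Bus policy; how ocserv creates the file is not visible here. I would add a line such as `# Anyone who can open this socket can manage the server; keep its directory and mode restricted to root.` and correct the wording to `# if you run more than one server.`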
@@ -194,6 +201,10 @@ run-as-group = ocserv
 # The name of the tun device
 device = vpns
+# Whether the generated IPs will be predictable, i.e., IP stays the
+# same for the same user when possible.
+predictable-ips = true
+
 # The default domain to be advertised
 default-domain = example.com
@@ -258,6 +269,29 @@ route = 192.168.1.0/255.255.255.0
 #config-per-user = /etc/ocserv/config-per-user/
 #config-per-group = /etc/ocserv/config-per-group/
+# When config-per-xxx is specified and there is no group or user that
+# matches, then utilize the following configuration.
+
+#default-user-config = /etc/ocserv/defaults/user.conf
+#default-group-config = /etc/ocserv/defaults/group.conf
+
+# Groups that a client is allowed to select from.
+# A client may belong in multiple groups, and in certain use-cases
+# it is needed to switch between them. For these cases the client can
+# select prior to authentication. Add multiple entries for multiple groups.
+#select-group = group1
+#select-group = group2[My group 2]
+#select-group = tost[The tost group]
+
+# The name of the group that if selected it would allow to use
+# the assigned by default group.
+default-select-group = DEFAULT
+
+# Instead of specifying manually all the allowed groups, you may instruct
+# ocserv to scan all available groups and include the full list. That
+# option is only functional on plain authentication.
+auto-select-group = true
+
 # The system command to use to setup a route. %R will be replaced with the
 # route/mask and %D with the (tun) device.
 #
diff --git a/ocserv.spec b/ocserv.spec
index 79094fe..87a96ca 100644
--- a/ocserv.spec
+++ b/ocserv.spec
@@ -1,5 +1,5 @@
 Name: ocserv
-Version: 0.3.5
+Version: 0.8.0pre0
 Release: 1%{?dist}
 Summary: OpenConnect SSL VPN server
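Review bot: `auto-select-group = true` in the `@@ -258,6 +269,29 @@` hunk of ocserv.conf is shipped enabled although its own comment says the option works only with plain authentication, while the file's active method is `auth = "pam"` and the `@@ -5,6 +5,10 @@` hunk documents `gid-min` as a PAM parameter used by this same option. The two comments contradict each other, and if the option does take effect under PAM without `gid-min`, the group list offered before authentication would presumably include every system group. I would ship it disabled like the `select-group` examples, `#auto-select-group = true`, and reword the comment once the PAM behaviour is confirmed against upstream.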
@@ -13,6 +13,7 @@ Source2: ocserv.service
 Source3: ocserv-pamd.conf
 Source4: PACKAGE-LICENSING
 Source5: org.infradead.ocserv.conf
+Source6: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig
 # Taken from upstream:
 # http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
@@ -26,13 +27,15 @@ BuildRequires: autogen-libopts-devel
 BuildRequires: protobuf-c-devel
 BuildRequires: libnl3-devel
 BuildRequires: readline-devel
-BuildRequires: dbus-devel
 BuildRequires: autogen
 BuildRequires: pcllib-devel
 BuildRequires: http-parser-devel
 BuildRequires: tcp_wrappers-devel
 BuildRequires: automake, autoconf
+# we don't build with dbus support
+#BuildRequires: dbus-devel
+
 Requires: gnutls-utils
 Requires: iproute
 Requires: pam
@@ -158,6 +161,9 @@ rm -rf %{buildroot}
 %{_localstatedir}/lib/ocserv/profile.xml
 %changelog
+* Mon May 26 2014 Nikos Mavrogiannopoulos - 0.8.0pre0-1
+- New upstream release
+
 * Fri May 09 2014 Nikos Mavrogiannopoulos - 0.3.5-1
 - New upstream release
diff --git a/sources b/sources
index f768ad7..d20aea7 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
-7ba8ebe4eba08b6e1c9dabbc78da16e5 ocserv-0.3.5.tar.xz
+de476b85be78be000f33c912a076657a ocserv-0.8.0pre0.tar.xz
+0f2c49c121883cd189f28126d8ff718f ocserv-0.8.0pre0.tar.xz.sig
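Review bot: `Source6` in the `@@ -13,6 +13,7 @@` hunk of ocserv.spec adds the detached signature to the package, but nothing in the hunks shown uses it: no keyring is added as a source and no verification step appears (%prep lies outside the hunks). That leaves the MD5 digests in `sources` as the only integrity check, and the signature URL, at least, is plain ftp. I would add the upstream signing key as a further source and check the tarball before unpacking, e.g. `Source7: <upstream-keyring-file>` (placeholder name), `BuildRequires: gnupg2` and, in %prep, `gpgv2 --keyring %{SOURCE7} %{SOURCE6} %{SOURCE0}`, assuming Source0 is the tarball.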
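Review bot: `Source5: org.infradead.ocserv.conf` is still listed (context of the `@@ -13,6 +13,7 @@` hunk) although the `@@ -26,13 +27,15 @@` hunk removes the D-Bus build dependency; the matching install and %files lines are outside the hunks. If that file is still installed, the package presumably keeps shipping a D-Bus policy for a service name the daemon no longer registers, so I would drop Source5 and its install line in the same change. The commented-out `#BuildRequires: dbus-devel` could then go as well, leaving only a comment such as `# built without D-Bus support; occtl uses the unix socket`.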