new upstream release

epel9
Nikos Mavrogiannopoulos 10 years ago
parent a13678e2ea
commit 87a8dc624e

2
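--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,5 @@
 /ocserv-0.8.7.tar.xz
 /ocserv-0.8.8.tar.xz.sig
 /ocserv-0.8.8.tar.xz
+/ocserv-0.8.9.tar.xz.sig
+/ocserv-0.8.9.tar.xz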

@ -22,13 +22,19 @@ auth = "pam"
# to generate password entries. # to generate password entries.
#auth = "plain[/etc/ocserv/ocpasswd]" #auth = "plain[/etc/ocserv/ocpasswd]"
# Whether to enable seccomp worker isolation. That restricts the number of
# system calls allowed to a worker process, in order to reduce damage from a
# bug in the worker process. It is available on Linux systems at a performance cost.
#use-seccomp = true
# Whether to enable the authentication method's session control (i.e., PAM).
# That requires more resources on the server, and makes cookies one-time-use;
# thus don't enable unless you need it.
#session-control = true
# A banner to be displayed on clients # A banner to be displayed on clients
#banner = "Welcome" #banner = "Welcome"
# Use listen-host to limit to specific IPs or to the IPs of a provided
# hostname.
#listen-host = [IP|HOSTNAME]
# Limit the number of clients. Unset or set to zero for unlimited. # Limit the number of clients. Unset or set to zero for unlimited.
#max-clients = 1024 #max-clients = 1024
max-clients = 16 max-clients = 16
@ -41,10 +47,23 @@ max-clients = 16
# multiple times). Unset or set to zero for unlimited. # multiple times). Unset or set to zero for unlimited.
max-same-clients = 2 max-same-clients = 2
# Use listen-host to limit to specific IPs or to the IPs of a provided
# hostname.
#listen-host = [IP|HOSTNAME]
# When the server has a dynamic DNS address (that may change),
# should set that to true to ask the client to resolve again on
# reconnects.
#listen-host-is-dyndns = true
# TCP and UDP port number # TCP and UDP port number
tcp-port = 443 tcp-port = 443
udp-port = 443 udp-port = 443
# Accept connections using a socket file. The connections are
# forwarded without SSL/TLS.
listen-clear-file = /var/run/ocserv-conn.socket
# Keepalive in seconds # Keepalive in seconds
keepalive = 32400 keepalive = 32400
@ -94,7 +113,6 @@ server-key = /etc/pki/ocserv/private/server.key
# The Certificate Authority that will be used to verify # The Certificate Authority that will be used to verify
# client certificates (public keys) if certificate authentication # client certificates (public keys) if certificate authentication
# is set. # is set.
#ca-cert = /path/to/ca.pem
ca-cert = /etc/pki/ocserv/cacerts/ca.crt ca-cert = /etc/pki/ocserv/cacerts/ca.crt
# The object identifier that will be used to read the user ID in the client # The object identifier that will be used to read the user ID in the client
@ -113,10 +131,10 @@ ca-cert = /etc/pki/ocserv/cacerts/ca.crt
#crl = /path/to/crl.pem #crl = /path/to/crl.pem
# GnuTLS priority string # GnuTLS priority string
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT" tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-ARCFOUR-128"
# To enforce perfect forward secrecy (PFS) on the main channel. # To enforce perfect forward secrecy (PFS) on the main channel.
#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA" #tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"
# The time (in seconds) that a client is allowed to stay connected prior # The time (in seconds) that a client is allowed to stay connected prior
# to authentication # to authentication
@ -135,7 +153,18 @@ auth-timeout = 40
#min-reauth-time = 2 #min-reauth-time = 2
# Cookie timeout (in seconds) # Cookie timeout (in seconds)
cookie-timeout = 360 # Once a client is authenticated he's provided a cookie with
# which he can reconnect. That cookie will be invalided if not
# used within this timeout value. On a user disconnection, that
# cookie will also be active for this time amount prior to be
# invalid. That should allow a reasonable amount of time for roaming
# between different networks.
cookie-timeout = 300
# Whether roaming is allowed, i.e., if true a cookie is
# restricted to a single IP address and cannot be re-used
# from a different IP.
deny-roaming = false
# ReKey time (in seconds) # ReKey time (in seconds)
# ocserv will ask the client to refresh keys periodically once # ocserv will ask the client to refresh keys periodically once
@ -157,8 +186,8 @@ rekey-method = ssl
# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP # DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
# in the P-t-P connection), IP_REMOTE (the VPN IP of the client), # in the P-t-P connection), IP_REMOTE (the VPN IP of the client),
# ID (a unique numeric ID); REASON may be "connect" or "disconnect". # ID (a unique numeric ID); REASON may be "connect" or "disconnect".
#connect-script = /usr/bin/ocserv-script #connect-script = /scripts/ocserv-script
#disconnect-script = /usr/bin/ocserv-script #disconnect-script = /scripts/ocserv-script
# UTMP # UTMP
use-utmp = true use-utmp = true
@ -171,6 +200,7 @@ use-occtl = true
# if you use more than a single servers. # if you use more than a single servers.
#occtl-socket-file = /var/run/occtl.socket #occtl-socket-file = /var/run/occtl.socket
# PID file. It can be overriden in the command line. # PID file. It can be overriden in the command line.
#pid-file = /var/run/ocserv.pid #pid-file = /var/run/ocserv.pid
@ -254,7 +284,7 @@ ping-leases = false
# #
# To set the server as the default gateway for the client just # To set the server as the default gateway for the client just
# comment out all routes from the server. # comment out all routes from the server.
route = 192.168.1.0/255.255.255.0 #route = 192.168.1.0/255.255.255.0
#route = 192.168.5.0/255.255.255.0 #route = 192.168.5.0/255.255.255.0
#route = fef4:db8:1000:1001::/64 #route = fef4:db8:1000:1001::/64
@ -291,17 +321,23 @@ route = 192.168.1.0/255.255.255.0
#default-select-group = DEFAULT #default-select-group = DEFAULT
# Instead of specifying manually all the allowed groups, you may instruct # Instead of specifying manually all the allowed groups, you may instruct
# ocserv to scan all available groups and include the full list. # ocserv to scan all available groups and include the full list. That
# option is only functional on plain authentication.
#auto-select-group = true #auto-select-group = true
# The system command to use to setup a route. %R will be replaced with the # The system command to use to setup a route. %{R} will be replaced with the
# route/mask and %D with the (tun) device. # route/mask and %{D} with the (tun) device.
# #
# The following example is from linux systems. %R should be something # The following example is from linux systems. %{R} should be something
# like 192.168.2.0/24 # like 192.168.2.0/24
route-add-cmd = "ip route add %R dev %D" route-add-cmd = "ip route add %{R} dev %{D}"
route-del-cmd = "ip route delete %R dev %D" route-del-cmd = "ip route delete %{R} dev %{D}"
# This option allows to forward a proxy. The special strings '%{U}'
# and '%{G}', if present will be replaced by the username and group name.
#proxy-url = http://example.com/
#proxy-url = http://example.com/%{U}/%{G}/hello
# #
# The following options are for (experimental) AnyConnect client # The following options are for (experimental) AnyConnect client
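Review bot: `listen-clear-file = /var/run/ocserv-conn.socket` is added as an active setting in the `-41,10 +47,23` hunk, so the packaged default opens a listener that, by its own comment, forwards connections without SSL/TLS. Without a TLS handshake, client certificates cannot be checked on that path, and access to it rests entirely on the permissions of the socket file, which this page does not show. The option looks intended for deployments that put a TLS-terminating front end before ocserv, so I would ship it disabled like the other optional settings in this file: `#listen-clear-file = /var/run/ocserv-conn.socket`. The comment above it should also say that the socket must be reachable only by the trusted front-end process.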

@ -1,5 +1,5 @@
Name: ocserv Name: ocserv
Version: 0.8.8 Version: 0.8.9
Release: 1%{?dist} Release: 1%{?dist}
Summary: OpenConnect SSL VPN server Summary: OpenConnect SSL VPN server
@ -142,6 +142,9 @@ rm -rf %{buildroot}
%{_localstatedir}/lib/ocserv/profile.xml %{_localstatedir}/lib/ocserv/profile.xml
%changelog %changelog
* Thu Dec 11 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.9-1
- New upstream release
* Wed Nov 26 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.8-1 * Wed Nov 26 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.8-1
- New upstream release - New upstream release

@ -1,2 +1,2 @@
de7faa9e1658dfea0f409fcc83fcb7ff ocserv-0.8.8.tar.xz.sig 5ea9824e39ca125260b67a1379f42036 ocserv-0.8.9.tar.xz.sig
d9b12a3fa976dfda3e4c0238173744e6 ocserv-0.8.8.tar.xz cd935cc89bffac75c825e66ef71f6a73 ocserv-0.8.9.tar.xz
