|
|
|
@ -1,16 +1,11 @@
|
|
|
|
|
# User authentication method. Could be set multiple times and in
|
|
|
|
|
# that case all should succeed. To enable multiple methods use
|
|
|
|
|
# multiple auth directives. Available options: certificate, certificate[optional],
|
|
|
|
|
# multiple auth directives. Available options: certificate,
|
|
|
|
|
# plain, pam, radius[configfile,groupconfig].
|
|
|
|
|
|
|
|
|
|
# certificate:
|
|
|
|
|
# This indicates that all connecting users must present a certificate.
|
|
|
|
|
#
|
|
|
|
|
# certificate[optional]:
|
|
|
|
|
# This indicates that a user may present a certificate. When that option
|
|
|
|
|
# is set, individual users or user groups can be forced to present a valid
|
|
|
|
|
# certificate by adding "require-cert=true" in the per-user configuration file.
|
|
|
|
|
#
|
|
|
|
|
# pam[gid-min=1000]:
|
|
|
|
|
# The gid-min option is used by auto-select-group option, in order to
|
|
|
|
|
# select the minimum valid group ID.
|
|
|
|
@ -31,7 +26,6 @@
|
|
|
|
|
# Framed-IP-Address, Framed-IP-Netmask, MS-Primary-DNS-Server, MS-Secondary-DNS-Server
|
|
|
|
|
|
|
|
|
|
#auth = "certificate"
|
|
|
|
|
#auth = "certificate[optional]"
|
|
|
|
|
auth = "pam"
|
|
|
|
|
#auth = "pam[gid-min=1000]"
|
|
|
|
|
#auth = "plain[/etc/ocserv/ocpasswd]"
|
|
|
|
@ -293,13 +287,20 @@ predictable-ips = true
|
|
|
|
|
# The default domain to be advertised
|
|
|
|
|
default-domain = example.com
|
|
|
|
|
|
|
|
|
|
# The pool of addresses that leases will be given from.
|
|
|
|
|
# The pool of addresses that leases will be given from. If the leases
|
|
|
|
|
# are given via Radius, or via explicit-ip? per-user config option then
|
|
|
|
|
# these network values should contain a network with at least a single
|
|
|
|
|
# address that will remain under the full control of ocserv (that is
|
|
|
|
|
# to be able to assign the local part of the tun device address).
|
|
|
|
|
#ipv4-network = 192.168.1.0
|
|
|
|
|
#ipv4-netmask = 255.255.255.0
|
|
|
|
|
|
|
|
|
|
# An alternative way of specifying the network:
|
|
|
|
|
#ipv4-network = 192.168.1.0/24
|
|
|
|
|
|
|
|
|
|
# The IPv6 subnet that leases will be given from.
|
|
|
|
|
#ipv6-network = fda9:4efe:7e3b:03ea::/64
|
|
|
|
|
|
|
|
|
|
# The advertized DNS server. Use multiple lines for
|
|
|
|
|
# multiple servers.
|
|
|
|
|
# dns = fc00::4be0
|
|
|
|
@ -308,9 +309,6 @@ default-domain = example.com
|
|
|
|
|
# The NBNS server (if any)
|
|
|
|
|
#nbns = 192.168.1.3
|
|
|
|
|
|
|
|
|
|
# The IPv6 subnet that leases will be given from.
|
|
|
|
|
#ipv6-network = fda9:4efe:7e3b:03ea::/64
|
|
|
|
|
|
|
|
|
|
# The domains over which the provided DNS should be used. Use
|
|
|
|
|
# multiple lines for multiple domains.
|
|
|
|
|
#split-dns = example.com
|
|
|
|
@ -384,11 +382,6 @@ ping-leases = false
|
|
|
|
|
#default-user-config = /etc/ocserv/defaults/user.conf
|
|
|
|
|
#default-group-config = /etc/ocserv/defaults/group.conf
|
|
|
|
|
|
|
|
|
|
# This option is only valid in a user/group configuration file. If the
|
|
|
|
|
# auth mode is certificate[optional], it requires a certificate for this
|
|
|
|
|
# particular user or group.
|
|
|
|
|
#require-cert = true
|
|
|
|
|
|
|
|
|
|
# The system command to use to setup a route. %{R} will be replaced with the
|
|
|
|
|
# route/mask and %{D} with the (tun) device.
|
|
|
|
|
#
|
|
|
|
|
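Review bot: The sample no longer documents any way to require a client certificate for only some users, and nothing tells operators what happens to existing per-user files that still contain `require-cert = true`. The `certificate[optional]` entries in the option list and the commented `auth` examples, and the `require-cert` paragraph near `default-group-config`, all appear to be dropped. If the parser stops honouring these options as well (not visible here), such deployments would fall back to whatever the remaining `auth` lines enforce, which in this sample is `auth = "pam"` alone. I would add a short comment in the auth header, for example `# certificate[optional] and the per-user require-cert option were removed;` followed by `# to require a certificate, add a separate auth = "certificate" line.` It is also worth confirming that an unknown `require-cert` key in a per-user file is rejected or logged rather than silently ignored.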