-
-
Save bao3/fa806803948cb4cab333 to your computer and use it in GitHub Desktop.
ocserv.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
auth = "certificate" | |
#use-dbus=true | |
#Added @05-10-2014 | |
#加入这个后就可以使用occtl了 | |
#occtl reload && occtl stop now | |
use-occtl = true | |
occtl-socket-file = /var/run/occtl.socket | |
# seccomp default : true | |
#关闭这个可以提高性能,牺牲一丁点安全,更可以避免无法启动的情况(遇到过的都知道那痛苦) | |
use-seccomp = false | |
# | |
listen-host = 0.0.0.0 | |
max-clients = 36 | |
max-same-clients = 4 | |
tcp-port = 443 | |
udp-port = 443 | |
keepalive = 32400 | |
dpd = 60 | |
mobile-dpd = 1800 | |
#故意为空 | |
mobile-idle-timeout = | |
deny-roaming = false | |
try-mtu-discovery = true | |
server-cert = server-cert.pem | |
server-key = server-key.pem | |
ca-cert = ca-cert.pem | |
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT" | |
auth-timeout = 40 | |
rekey-time = 172800 | |
rekey-method = ssl | |
use-utmp = true | |
pid-file = /var/run/ocserv.pid | |
socket-file = /var/run/ocserv-socket | |
user-profile = /usr/local/etc/ocserv/profile.xml | |
run-as-user = nobody | |
run-as-group = nogroup | |
net-priority = 5 | |
cgroup = "cpuset,cpu:test" | |
device = CiscoSSL | |
predictable-ips = true | |
default-domain = 你的默认域名(与你的证书里的一定要一样,否则奇葩bug) | |
ipv4-network = 192.168.100.1 | |
ipv4-netmask = 255.255.255.0 | |
dns = 208.67.222.222 | |
ping-leases = false | |
cisco-client-compat = true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment