Skip to content

Instantly share code, notes, and snippets.

@falseen
Forked from bao3/profile.xml
Created June 12, 2016 03:10
Show Gist options
  • Save falseen/93cbb9f10a1a51aea7eff5bab6e67204 to your computer and use it in GitHub Desktop.
Save falseen/93cbb9f10a1a51aea7eff5bab6e67204 to your computer and use it in GitHub Desktop.
用于 ocserv的profile.xml,会自动被思科客户端读取。这个配置文件有两个服务地址( VPN Server和 Full VPN Server),前者是区分路由模式的,后者是同一台服务不同端口的完全走VPN的模式。你可以在此基础上加入休眠后自动恢复项等等,但是请切记,一旦你改错了这个文档就会造成服务器不认证书或者客户端干脆禁止你连接。救赎的方法。。。。可耻的匿了。
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
<ClientInitialization>
<UseStartBeforeLogon UserControllable="false">false</UseStartBeforeLogon>
<StrictCertificateTrust>false</StrictCertificateTrust>
<RestrictPreferenceCaching>false</RestrictPreferenceCaching>
<RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols>
<BypassDownloader>true</BypassDownloader>
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
<CertEnrollmentPin>pinAllowed</CertEnrollmentPin>
<CertificateMatch>
<KeyUsage>
<MatchKey>Digital_Signature</MatchKey>
</KeyUsage>
<ExtendedKeyUsage>
<ExtendedMatchKey>ClientAuth</ExtendedMatchKey>
</ExtendedKeyUsage>
</CertificateMatch>
<BackupServerList>
<HostAddress>localhost</HostAddress>
</BackupServerList>
<!--
下面这段是用来给有多台VPN URL的人使用,这个设置的意思是用来自动选择低延迟的服务器。
如下的例子是,当一个vpn中断了4小时后就启动检测机制,在多台服务器里挑选延低20%的那台。
<EnableAutomaticServerSelection UserControllable="true">false
<AutoServerSelectionImprovement>20</AutoServerSelectionImprovement>
<AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime>
</EnableAutomaticServerSelection>
-->
</ClientInitialization>
<ServerList>
<HostEntry>
<HostName>VPN Server</HostName>
<HostAddress>anyconnect.abc.org</HostAddress>
<HostName>FULL VPN Server</HostName>
<HostAddress>anyconnect.abc.org:4430</HostAddress>
</HostEntry>
</ServerList>
</AnyConnectProfile>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment