Example OpenConnect Server configuration
# Example ocserv (OpenConnect VPN server) configuration.
# Flat key = value file read by ocserv itself, not by a generic INI parser:
# '#' starts a full-line comment, quoted values keep their quotes only as
# delimiters, and the '%' characters below are ocserv/GnuTLS syntax, not
# configparser-style interpolation.
# Repeated keys (dns, ipv6-dns, custom-header) are accumulated by ocserv,
# so each occurrence is meaningful; do not deduplicate them.

# Authentication backend: a password file maintained with ocpasswd.
# This file is the whole user database for the server; keep it readable
# only by root (the main ocserv process), never by the worker user below.
auth = "plain[/etc/ocserv/ocpasswd]"
# Upper bound on concurrent connections across all users.
max-clients = 16
# Concurrent sessions allowed per username; a lower value limits what a
# single leaked credential can be used for.
max-same-clients = 5
# CSTP (TLS over TCP) and DTLS (UDP) listen on the same port.
tcp-port = 443
udp-port = 443
# Keepalive interval; presumably seconds (32400 = 9 h) — confirm against
# the ocserv manual for this version.
keepalive = 32400
# Dead-peer-detection interval (seconds); mobile clients get a longer one
# so that sleeping devices are not disconnected too aggressively.
dpd = 90
mobile-dpd = 1800
# Let ocserv probe the path MTU for the DTLS channel — TODO confirm exact semantics.
try-mtu-discovery = true
# Server certificate and private key. The key must stay unreadable to the
# unprivileged run-as-user; ocserv presumably loads it while still root.
server-cert = /etc/ssl/certs/server-cert.pem
server-key = /etc/ssl/private/server-key.pem
# GnuTLS priority string. NORMAL = GnuTLS default algorithm set;
# %SERVER_PRECEDENCE = the server's cipher order wins over the client's;
# %COMPAT = enables workarounds for broken/legacy clients, which loosens
# TLS strictness. Review whether %COMPAT is still needed, and verify the
# effective suite list with `gnutls-cli --list --priority "<string>"`.
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT"
# Seconds a client has to complete authentication before being dropped;
# bounds the resources half-open sessions can hold.
auth-timeout = 40
# Record VPN sessions in utmp so `who`/`last` show them (audit trail).
use-utmp = true
pid-file = /var/run/ocserv.pid
# Unix socket used between the main process and its workers (assumed).
socket-file = /var/run/ocserv-socket
# Worker processes drop privileges to this user/group after setup.
run-as-user = nobody
run-as-group = nogroup
# Name (prefix) of the tun devices created for clients.
device = vpns
# IPv4 address pool handed to clients: 10.88.0.0/24.
ipv4-network = 10.88.0.0
ipv4-netmask = 255.255.255.0
# Resolvers pushed to clients. These are public resolvers, so client DNS
# queries leave the VPN operator's control; an internal resolver keeps
# name resolution inside the tunnel.
dns = 8.8.8.8
dns = 8.8.4.4
# fe80::/64 is link-local (not routable); replace with a real prefix
# before use.
ipv6-network = fe80::
ipv6-prefix = 64
ipv6-dns = 2600:3c00::2
ipv6-dns = 2600:3c00::3
# Output buffering; units/meaning not stated here — see ocserv manual.
output-buffer = 10
# Commands ocserv runs to install/remove per-user routes; %R is expanded
# to the route and %D to the tun device. They execute with ocserv's own
# privileges, so the route values must come only from trusted server-side
# configuration.
route-add-cmd = "ip route add %R dev %D"
route-del-cmd = "ip route delete %R dev %D"
# XML client profile served to AnyConnect-style clients.
user-profile = /etc/ocserv/profile.xml
# Enable compatibility quirks for Cisco AnyConnect clients (assumed).
cisco-client-compat = true
# Headers injected into the CSTP handshake; each custom-header line adds one.
# A lower DTLS (UDP) MTU may slightly improve performance.
custom-header = "X-DTLS-MTU: 1360"
# CSTP runs over TCP, so it tolerates a slightly larger MTU.
custom-header = "X-CSTP-MTU: 1420"
# Split tunnelling: excludes 192.168.0.0/24 from the tunnel so clients can
# still reach their local LAN. Trade-off: traffic to that range bypasses the
# VPN (unprotected), and the exclusion applies to every client.
custom-header = "X-CSTP-Split-Exclude: 192.168.0.0/255.255.255.0"