Skip to content

Instantly share code, notes, and snippets.

@luginbash
Last active August 29, 2015 14:07
Show Gist options
  • Save luginbash/98bd55f456daa6adadd3 to your computer and use it in GitHub Desktop.
Save luginbash/98bd55f456daa6adadd3 to your computer and use it in GitHub Desktop.
OpenConnect Server Configuration
auth = "certificate"
ca-cert = /etc/ocserv/ca.pem
server-cert = /etc/ocserv/sfo3.pem
server-key = /etc/ocserv/sfo3.key
dh-params = /etc/ocserv/dh.pem
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%NORMAL:-VERS-SSL3.0:-EXPORT"
predictable-ips = true
compression = true
max-clients = 16
max-same-clients = 5
listen-host = <IPv6 Address>
listen-host = <IPv6 Address>
listen-host = <DNS Name>
tcp-port = 443
udp-port = 443
keepalive = 32400
dpd = 90
mobile-dpd = 300
try-mtu-discovery = true
auth-timeout = 40
use-utmp = true
pid-file = /var/run/ocserv.pid
socket-file = /var/run/ocserv-socket
run-as-user = nobody
run-as-group = nogroup
device = vpns
ipv4-network = 172.17.0.0
ipv4-netmask = 255.255.255.0
dns = 8.8.8.8
dns = 8.8.4.4
output-buffer = 10
user-profile = /etc/ocserv/profile.xml
cisco-client-compat = true
custom-header = "X-DTLS-MTU: 1360"
custom-header = "X-CSTP-MTU: 1360"
custom-header = "X-CSTP-Split-Exclude: 192.168.0.0/255.255.0.0"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment