# apt install ocserv
# /etc/ocserv/ocserv.conf
auth = "radius [config=/etc/radcli/radiusclient.conf,groupconfig=true]"
acct = "radius [config=/etc/radcli/radiusclient.conf,groupconfig=true]"
tcp-port = 443
run-as-user = nobody
run-as-group = daemon
socket-file = /run/ocserv.socket
server-cert = /etc/letsencrypt/live/yourdomain.com/fullchain.pem
server-key = /etc/letsencrypt/live/yourdomain.com/privkey.pem
server-cert = /etc/letsencrypt/live/yourdomain.com/fullchain.pem
server-key = /etc/letsencrypt/live/yourdomain.com/privkey.pem
isolate-workers = true
max-same-clients = 2
stats-report-time = 60
server-stats-reset-time = 604800
keepalive = 30
dpd = 60
mobile-dpd = 300
switch-to-tcp-timeout = 25
try-mtu-discovery = true
cert-user-oid = 0.9.2342.19200300.100.1.1
compression = true
no-compress-limit = 1024
auth-timeout = 240
idle-timeout = 12000
mobile-idle-timeout = 18000
min-reauth-time = 300
max-ban-score = 80
ban-reset-time = 300
cookie-timeout = 300
deny-roaming = false
rekey-time = 172800
rekey-method = ssl
use-occtl = true
pid-file = /run/ocserv.pid
device = vpns
predictable-ips = true
default-domain = yourdomain.com
ipv4-network = 192.168.4.0
ipv4-netmask = 255.255.252.0
dns = 1.1.1.1
dns = 4.2.2.4
ping-leases = false
rx-data-per-sec = 950000
tx-data-per-sec = 950000
cisco-client-compat = true
dtls-legacy = true
...
dc.ir.ibsng.cloud IBSng@!
#systemctl # systemctl restart ocserv