


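#/etc/ocserv/ocserv.conf
#
# ocserv (OpenConnect / AnyConnect-compatible VPN server) using RADIUS for
# authentication and accounting through the radcli client library.
# All time values below are in seconds.

# Authentication and accounting are both delegated to RADIUS. With
# groupconfig=true the per-user/group settings come from the RADIUS reply,
# so the RADIUS server and the link to it decide what each client is granted.
auth = "radius [config=/etc/radcli/radiusclient.conf,groupconfig=true]"
acct = "radius [config=/etc/radcli/radiusclient.conf,groupconfig=true]"

# Only a TCP listener is configured. No udp-port is set, so the UDP/DTLS
# options further down (switch-to-tcp-timeout, try-mtu-discovery,
# dtls-legacy) presumably have nothing to act on -- confirm.
tcp-port = 443

# Unprivileged identity for the worker processes, and the UNIX socket they
# use to reach the privileged process.
run-as-user = nobody
run-as-group = daemon
socket-file = /run/ocserv.socket

# One certificate/key pair (replace yourdomain.com). The private key must not
# be readable by the run-as-user account above.
server-cert = /etc/letsencrypt/live/yourdomain.com/fullchain.pem
server-key = /etc/letsencrypt/live/yourdomain.com/privkey.pem

# Sandbox the worker processes that parse client traffic.
isolate-workers = true

# Maximum simultaneous sessions for the same user name.
max-same-clients = 2

# Statistics: report interval, and reset period (604800 s = 7 days).
stats-report-time = 60
server-stats-reset-time = 604800

# Keepalive and dead-peer-detection intervals.
keepalive = 30
dpd = 60
mobile-dpd = 300
switch-to-tcp-timeout = 25
try-mtu-discovery = true

# Only relevant to client-certificate authentication, which is not enabled
# above -- presumably carried over from the sample configuration.
cert-user-oid = 0.9.2342.19200300.100.1.1

# NOTE(review): compressing tunnel traffic before it is encrypted can expose
# information about the plaintext through ciphertext length when part of the
# traffic is attacker-influenced. Keep this on only if the bandwidth saving
# is actually needed.
compression = true
no-compress-limit = 1024

# Time allowed to finish authentication, and idle limits before a session is
# disconnected (12000 s = 200 min, 18000 s = 300 min for mobile clients).
auth-timeout = 240
idle-timeout = 12000
mobile-idle-timeout = 18000

# Brute-force throttling: failed logins add to a per-address score, an
# address reaching max-ban-score is banned, and scores are cleared after
# ban-reset-time. 300 s is a short window; lengthen it if password guessing
# against the RADIUS backend is a concern.
min-reauth-time = 300
max-ban-score = 80
ban-reset-time = 300

# A session cookie stays valid for cookie-timeout after a disconnect. With
# deny-roaming = false it can be presented from a different source address;
# set it to true if clients are not expected to change networks.
cookie-timeout = 300
deny-roaming = false

# Session keys are renegotiated every 172800 s (48 h).
rekey-time = 172800
rekey-method = ssl

# Management interface (occtl) and runtime files.
use-occtl = true
pid-file = /run/ocserv.pid
device = vpns

# Client address pool: 192.168.4.0/22 (192.168.4.0 - 192.168.7.255).
predictable-ips = true
default-domain = yourdomain.com
ipv4-network = 192.168.4.0
ipv4-netmask = 255.255.252.0

# Resolvers pushed to clients; dns is a multi-valued key. Both are public
# resolvers, so client DNS queries leave the VPN toward third parties.
dns = 1.1.1.1
dns = 4.2.2.4
ping-leases = false

# Per-client bandwidth limits, in bytes per second.
rx-data-per-sec = 950000
tx-data-per-sec = 950000

# Compatibility switches for older Cisco AnyConnect / OpenConnect clients.
# They keep legacy protocol negotiation available; turn both off once every
# client in use is current.
cisco-client-compat = true
dtls-legacy = true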


#/etc/radcli/radiusclient.conf
#
# radcli client settings referenced by the auth/acct lines in ocserv.conf.
# Format: one "option <whitespace> value" pair per line.

# Identity this VPN server presents to the RADIUS server (NAS-Identifier and
# NAS-IP-Address attributes). Replace nas-ip with this host's own address.
nas-identifier  cisco-anyconnect
nas-ip  187.207.103.2
# Authentication (1812) and accounting (1813) endpoints.
# NOTE(review): the server is addressed by a public-looking host name, so the
# RADIUS exchange presumably crosses an untrusted network. Plain RADIUS over
# UDP protects the exchange only with the shared secret; restrict the path
# (firewall rules, a tunnel), or use radcli's TLS/DTLS transport (serv-type)
# if the server supports it -- confirm.
authserver      dc.ir.ibsng.cloud:1812
acctserver      dc.ir.ibsng.cloud:1813
# File holding the per-server shared secrets, and the attribute dictionary.
servers         /etc/radcli/servers
dictionary      /etc/radcli/dictionary
# Left empty: no realm is appended to user names.
default_realm
# Seconds to wait for a reply, and number of retries, before a request fails.
radius_timeout  5
radius_retries  1

#/etc/radcli/servers
#
# Format: <RADIUS server name> <whitespace> <shared secret>
# The server name must match the host used in authserver/acctserver.
#
# NOTE(review): the secret below is short and has appeared on a public page,
# so treat it as a placeholder. Use a long random secret that is unique to
# this NAS, configure the same value on the RADIUS server, and keep this file
# readable only by the account that performs the RADIUS requests.

dc.ir.ibsng.cloud    IBSng@!

