this mostly is the config shipped by debian, I’ve only touched the certificate and key files path, plus authentication type.

Regards

—— config (0.12.2-3 debian gnu/linux rel. buster) ——

# ocserv configuration as posted (see the /run/ocserv.* paths below), restored to
# one directive per line. Lines starting with '#' are review notes; every
# directive and value is exactly what the author posted.

# Client-certificate authentication.
# NOTE(review): no ca-cert directive appears in this posting. With certificate
# auth the server needs a CA to verify client certificates against; confirm the
# line was not lost when pasting. No crl directive is shown either, so
# revocation of an issued client certificate is presumably not enforced - verify.
auth = "certificate"

# TLS (TCP) and DTLS (UDP) listeners, both on port 443.
tcp-port = 443
udp-port = 443

# Unprivileged identity for the worker processes.
# NOTE(review): "nobody" is commonly shared with other services; a dedicated
# account limits what a compromised worker could reach.
run-as-user = nobody
run-as-group = daemon
socket-file = /run/ocserv.socket

# Server certificate chain and private key, read from a Let's Encrypt "live"
# directory (the two paths the author says were changed).
# NOTE(review): the private key should stay unreadable to every unprivileged
# account; presumably the service must be reloaded after each renewal - confirm.
server-cert = /etc/letsencrypt/live/www.strauss-engineering.ch/fullchain.pem
server-key = /etc/letsencrypt/live/www.strauss-engineering.ch/privkey.pem
dh-params = /etc/ocserv/dh.pem

# Worker sandboxing is enabled.
isolate-workers = true

# Capacity limits: total clients, and concurrent sessions per user.
max-clients = 128
max-same-clients = 2
# seconds (604800 s = 7 days)
server-stats-reset-time = 604800

# Keepalive and dead-peer-detection intervals, in seconds.
keepalive = 300
dpd = 60
mobile-dpd = 300
switch-to-tcp-timeout = 30
try-mtu-discovery = false

# OID of the certificate DN field taken as the user name;
# 0.9.2342.19200300.100.1.1 is the UID attribute. User identity is therefore
# only as trustworthy as the issuing CA's control over that field.
cert-user-oid = 0.9.2342.19200300.100.1.1

# NOTE(review): compressing tunnelled traffic before encryption can leak
# information about the plaintext through ciphertext length (compression-oracle
# class of attacks). Keep it off unless the bandwidth saving is really needed.
compression = true
# presumably bytes: packets below this size are not compressed - confirm
no-compress-limit = 256

# GnuTLS priority string. -RSA drops static-RSA key exchange (no forward
# secrecy), -VERS-SSL3.0 drops SSL 3.0, -ARCFOUR-128 drops RC4.
# NOTE(review): %COMPAT turns on compatibility workarounds for broken peers, and
# nothing here excludes TLS 1.0/1.1; whether those are offered depends on the
# GnuTLS defaults of the build. Consider adding -VERS-TLS1.0:-VERS-TLS1.1 if no
# client needs them.
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"

# Authentication and idle timeouts, in seconds.
auth-timeout = 240
idle-timeout = 1200
mobile-idle-timeout = 1800

# Throttling of repeated authentication attempts (ban score threshold and the
# time, in seconds, after which scores are reset).
min-reauth-time = 3
max-ban-score = 50
ban-reset-time = 300

# A session cookie stays valid for 300 s after a disconnect.
# NOTE(review): with deny-roaming = false a cookie is not tied to the client
# address it was issued to, so a captured cookie could presumably be replayed
# from elsewhere within that window - set to true if clients do not roam.
cookie-timeout = 300
deny-roaming = false

# Rekey interval in seconds (172800 s = 48 h).
rekey-time = 172800
rekey-method = ssl

# occtl control interface enabled.
# NOTE(review): check that its UNIX socket is reachable by administrators only.
use-occtl = true
pid-file = /run/ocserv.pid
device = vpns
predictable-ips = true
default-domain = strauss-engineering.ch

# Address pool handed to VPN clients.
# NOTE(review): 192.168.1.0/24 is a very common home/office LAN range, so it is
# likely to collide with the client's local network; a less common private
# range avoids ambiguous routing.
ipv4-network = 192.168.1.0
ipv4-netmask = 255.255.255.0

# Resolvers pushed to clients (public ones, so no internal names resolve and
# client lookups go to a third party).
dns = 8.8.8.8
dns = 8.8.4.4
ping-leases = false

# Routes pushed to clients: all three RFC 1918 private ranges.
# NOTE(review): this is broad and may shadow private networks on the client
# side; narrow it to the networks actually served where possible.
route = 10.0.0.0/8
route = 172.16.0.0/12
route = 192.168.0.0/16

# Legacy-client compatibility switches.
# NOTE(review): as I read the ocserv documentation, cisco-client-compat relaxes
# the requirement that clients present their certificate on every TLS
# connection, and dtls-legacy keeps the old pre-standard DTLS negotiation
# available - verify, and disable both if no legacy Cisco or old openconnect
# clients connect, since this server relies on certificate authentication.
cisco-client-compat = true
dtls-legacy = true

--
Philippe Strauss
https://www.strauss-engineering.ch
_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel