+############################################################################
+# NOTE: Do not modify this file to configure ocserv. Add new directives #
+# in /etc/ocserv/ocserv.conf.local and these will be included in ocserv's #
+# configuration #
+############################################################################
+
+
# User authentication method. Could be set multiple times and in that case
# all should succeed.
# Options: certificate, pam.
# radius is in use.
#stats-report-time = 360
+# Stats reset time. The period of time statistics kept by main/sec-mod
+# processes will be reset. These are the statistics shown by cmd
+# 'occtl show stats'. For daily: 86400, weekly: 604800
+# This is unrelated to stats-report-time.
+server-stats-reset-time = 604800
+
# Keepalive in seconds
keepalive = 32400
# The time (in seconds) that a client is allowed to stay connected prior
# to authentication
-auth-timeout = 40
+auth-timeout = 240
# The time (in seconds) that a client is allowed to stay idle (no traffic)
# before being disconnected. Unset to disable.
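Review bot: The `auth-timeout` change from 40 to 240 lets an unauthenticated client hold its connection six times longer, and the hunk gives no reason for it. If the longer window is meant for slow interactive or second-factor logins (the nearby context mentions radius, so this is a guess), record that in a comment such as `# 240s leaves room for interactive/second-factor logins; an unauthenticated session holds its slot this long`. It is also worth confirming that the connection limits set elsewhere in this file, which are not visible in the hunk, still bound how many pre-authentication sessions can accumulate at once.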
# locally from an HTTP server (i.e., when listen-clear-file is used).
#
# Set to zero to disable.
-max-ban-score = 50
+max-ban-score = 80
# The time (in seconds) that all score kept for a client is reset.
-ban-reset-time = 300
+ban-reset-time = 1200
# In case you'd like to change the default points.
#ban-points-wrong-password = 10
#ban-points-kkdcp = 1
# Cookie timeout (in seconds)
-# which he can reconnect. That cookie will be invalided if not
-# used within this timeout value. On a user disconnection, that
-# cookie will also be active for this time amount prior to be
-# invalid. That should allow a reasonable amount of time for roaming
-# between different networks.
+# Once a client is authenticated he's provided a cookie with
+# which he can reconnect. That cookie will be invalidated if not
+# used within this timeout value. This cookie remains valid, during
+# the user's connected time, and after user disconnection it
+# remains active for this amount of time. That setting should allow a
+# reasonable amount of time for roaming between different networks.
cookie-timeout = 300
+# If this is enabled (not recommended) the cookies will stay
+# valid even after a user manually disconnects, and until they
+# expire. This may improve roaming with some broken clients.
+#persistent-cookies = true
+
# Whether roaming is allowed, i.e., if true a cookie is
# restricted to a single IP address and cannot be re-used
# from a different IP.
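Review bot: The `max-ban-score` change from 50 to 80 loosens the ban threshold without a comment saying why. At the default `ban-points-wrong-password = 10` shown just below it, a client now gets eight wrong passwords before a ban instead of five. `ban-reset-time` moves from 300 to 1200 in the same hunk, so the score is kept four times longer; the two values only make sense read together. A comment above the pair would record the intended trade-off, for example `# 80 points = 8 failed passwords at the default 10 points each; the score is kept for ban-reset-time seconds`. Whoever watches for password guessing against this server should also check that any alerting keyed to the old threshold of 50 is updated to match.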
# ReKey time (in seconds)
# ocserv will ask the client to refresh keys periodically once
-# this amount of seconds is elapsed. Set to zero to disable.
+# this amount of seconds is elapsed. Set to zero to disable (note
+# that, some clients fail if rekey is disabled).
rekey-time = 172800
# ReKey method
# it is not in use by another (unrelated to this server) host.
ping-leases = |PING_LEASES|
+# Whether to tunnel all DNS queries via the VPN. This is the default
+# when a default route is set.
+#tunnel-all-dns = true
+
# Unset to assign the default MTU of the device
# mtu =