-
-
Save ahmadronaghdev/9ebfd2e257a75300922bde0e71da78ce to your computer and use it in GitHub Desktop.
Revisions
-
methou created this gist
Jul 21, 2014 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,39 @@ auth = "plain[/etc/ocserv/ocpasswd]" max-clients = 16 max-same-clients = 5 tcp-port = 443 udp-port = 443 keepalive = 32400 dpd = 90 mobile-dpd = 1800 try-mtu-discovery = true server-cert = /etc/ssl/certs/server-cert.pem server-key = /etc/ssl/private/server-key.pem tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT" auth-timeout = 40 use-utmp = true pid-file = /var/run/ocserv.pid socket-file = /var/run/ocserv-socket run-as-user = nobody run-as-group = nogroup device = vpns ipv4-network = 10.88.0.0 ipv4-netmask = 255.255.255.0 dns = 8.8.8.8 dns = 8.8.4.4 # link-local ipv6, replace with real ones ipv6-network = fe80:: ipv6-prefix = 64 ipv6-dns = 2600:3c00::2 ipv6-dns = 2600:3c00::3 output-buffer = 10 route-add-cmd = "ip route add %R dev %D" route-del-cmd = "ip route delete %R dev %D" user-profile = /etc/ocserv/profile.xml cisco-client-compat = true # lower UDP MTU may improve performance, slightly. custom-header = "X-DTLS-MTU: 1360" # CSTP is over TCP, so you can use a slightly larger MTU custom-header = "X-CSTP-MTU: 1420" # allow user-side lan custom-header = "X-CSTP-Split-Exclude: 192.168.0.0/255.255.255.0"
methou
created
this gist