diff options
author | Carlos J. Puga Medina <cpm@FreeBSD.org> | 2018-05-14 18:23:23 +0000 |
---|---|---|
committer | Carlos J. Puga Medina <cpm@FreeBSD.org> | 2018-05-14 18:23:23 +0000 |
commit | b81c8a1450521f8c1aba1f018836efc0779354a7 (patch) | |
tree | a211e8feaaff5ea759e165ed463f60eccd4258da /net/ocserv/files/patch-doc_sample.config | |
parent | bd55cb0e005320beee00af9ca465c24b997e957c (diff) | |
download | ports-b81c8a1450521f8c1aba1f018836efc0779354a7.tar.gz ports-b81c8a1450521f8c1aba1f018836efc0779354a7.zip |
net/ocserv: update to 0.12.1
Changelog: https://gitlab.com/ocserv/ocserv/blob/master/NEWS
Tested by: Jov <amutu@amutu.com>
Notes
Notes:
svn path=/head/; revision=469943
Diffstat (limited to 'net/ocserv/files/patch-doc_sample.config')
-rw-r--r-- | net/ocserv/files/patch-doc_sample.config | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/net/ocserv/files/patch-doc_sample.config b/net/ocserv/files/patch-doc_sample.config new file mode 100644 index 000000000000..c511b6163590 --- /dev/null +++ b/net/ocserv/files/patch-doc_sample.config @@ -0,0 +1,76 @@ +--- doc/sample.config.orig 2018-04-15 19:13:39 UTC ++++ doc/sample.config +@@ -19,7 +19,7 @@ + # This enabled PAM authentication of the user. The gid-min option is used + # by auto-select-group option, in order to select the minimum valid group ID. + # +-# plain[passwd=/etc/ocserv/ocpasswd,otp=/etc/ocserv/users.otp] ++# plain[passwd=/usr/local/etc/ocserv/ocpasswd,otp=/etc/ocserv/users.otp] + # The plain option requires specifying a password file which contains + # entries of the following format. + # "username:groupname1,groupname2:encoded-password" +@@ -102,8 +102,8 @@ udp-port = 443 + + # The user the worker processes will be run as. It should be + # unique (no other services run as this user). +-run-as-user = nobody +-run-as-group = daemon ++run-as-user = _ocserv ++run-as-group = _ocserv + + # socket file used for IPC with occtl. You only need to set that, + # if you use more than a single servers. +@@ -172,16 +172,6 @@ ca-cert = ../tests/certs/ca.pem + ### failures during the reloading time. + + +-# Whether to enable seccomp/Linux namespaces worker isolation. That restricts the number of +-# system calls allowed to a worker process, in order to reduce damage from a +-# bug in the worker process. It is available on Linux systems at a performance cost. +-# The performance cost is roughly 2% overhead at transfer time (tested on a Linux 3.17.8). +-# Note however, that process isolation is restricted to the specific libc versions +-# the isolation was tested at. If you get random failures on worker processes, try +-# disabling that option and report the failures you, along with system and debugging +-# information at: https://gitlab.com/ocserv/ocserv/issues +-isolate-workers = true +- + # A banner to be displayed on clients + #banner = "Welcome" + +@@ -530,15 +520,15 @@ no-route = 192.168.5.0/255.255.255.0 + # Note the that following two firewalling options currently are available + # in Linux systems with iptables software. + +-# If set, the script /usr/bin/ocserv-fw will be called to restrict ++# If set, the script /usr/local/bin/ocserv-fw will be called to restrict + # the user to its allowed routes and prevent him from accessing + # any other routes. In case of defaultroute, the no-routes are restricted. +-# All the routes applied by ocserv can be reverted using /usr/bin/ocserv-fw ++# All the routes applied by ocserv can be reverted using /usr/local/bin/ocserv-fw + # --removeall. This option can be set globally or in the per-user configuration. + #restrict-user-to-routes = true + + # This option implies restrict-user-to-routes set to true. If set, the +-# script /usr/bin/ocserv-fw will be called to restrict the user to ++# script /usr/local/bin/ocserv-fw will be called to restrict the user to + # access specific ports in the network. This option can be set globally + # or in the per-user configuration. + #restrict-user-to-ports = "tcp(443), tcp(80), udp(443), sctp(99), tcp(583), icmp(), icmpv6()" +@@ -586,13 +576,13 @@ no-route = 192.168.5.0/255.255.255.0 + # hostname to override any proposed by the user. Note also, that, any + # routes, no-routes, DNS or NBNS servers present will overwrite the global ones. + +-#config-per-user = /etc/ocserv/config-per-user/ +-#config-per-group = /etc/ocserv/config-per-group/ ++#config-per-user = /usr/local/etc/ocserv/config-per-user/ ++#config-per-group = /usr/local/etc/ocserv/config-per-group/ + + # When config-per-xxx is specified and there is no group or user that + # matches, then utilize the following configuration. +-#default-user-config = /etc/ocserv/defaults/user.conf +-#default-group-config = /etc/ocserv/defaults/group.conf ++#default-user-config = /usr/local/etc/ocserv/defaults/user.conf ++#default-group-config = /usr/local/etc/ocserv/defaults/group.conf + + # The system command to use to setup a route. %{R} will be replaced with the + # route/mask, %{RI} with the route in CIDR format, and %{D} with the (tun) device. |