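# ocserv (OpenConnect VPN server) configuration, rendered from a Jinja template.
# Template variables used: dns_name, domain, vpn.network. They are substituted
# verbatim (dns_name also into file paths), so they should only come from
# trusted inventory data.

# --- Listener and server certificate ---
# Address, or a name resolving to one, that the server binds to.
listen-host = {{ dns_name }}
# TCP port of the TLS channel. No udp-port is set in this file, so the DTLS
# channel is presumably not offered -- confirm against the running server.
tcp-port = 443
# Let's Encrypt chain and private key for dns_name. privkey.pem should stay
# readable by root only.
# NOTE(review): verify how renewed certificates are picked up (reload hook).
server-cert = /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem
server-key = /etc/letsencrypt/live/{{ dns_name }}/privkey.pem

# --- Privilege separation ---
# Unprivileged account for the worker processes; it should not be shared with
# any other service.
run-as-user = ocserv
run-as-group = ocserv
# UNIX socket used for IPC between the worker processes and the main process.
# NOTE(review): with chroot-dir set, ocserv's sample configuration advises
# giving this path relative to the chroot -- confirm workers can reach it.
socket-file = /run/ocserv-socket
# Directory the worker processes are chrooted into.
chroot-dir = /var/lib/ocserv
# The same script handles both connect and disconnect events.
# NOTE(review): presumably run by the privileged main process; keep the file
# root-owned and not writable by the ocserv account -- confirm.
connect-script = /usr/local/bin/ocserv-script
disconnect-script = /usr/local/bin/ocserv-script

# --- Transport and client compatibility ---
# Name used for the tun devices created for clients.
device = vpns
# Legacy Cisco AnyConnect compatibility. ocserv's documentation states that
# this option does not require clients to present their certificate on every
# TLS connection and that it implies dtls-legacy = true. Turn both off when no
# legacy clients remain.
cisco-client-compat = true
dtls-legacy = true
# NOTE(review): compressing tunnel traffic before encryption exposes a length
# side channel (CRIME/VORACLE class of attacks). Keep enabled only if the
# bandwidth gain is actually needed.
compression = true
# Restricts the system calls available to worker processes, limiting the
# damage a bug in a worker can cause.
isolate-workers = true
# GnuTLS priority string: library defaults with TLS 1.0 and TLS 1.1 removed.
tls-priorities = NORMAL:-VERS-TLS1.0:-VERS-TLS1.1

# --- Authentication and per-client settings ---
# Clients authenticate with X.509 certificates issued by the CA in ca-cert.
# NOTE(review): no crl option is set in this file, so a revoked or stolen
# client certificate would stay usable until it expires; consider adding
# crl = <path-to-crl-file> (placeholder) and a process that keeps it fresh.
auth = certificate
ca-cert = /etc/ocserv/ca.crt
# User name is taken from the certificate subject CN (OID 2.5.4.3) and the
# group from the OU (OID 2.5.4.11).
cert-user-oid = 2.5.4.3
cert-group-oid = 2.5.4.11
# Directory of per-group configuration. The group comes from the certificate
# OU, so whoever issues client certificates decides which group policy applies.
config-per-group = /etc/ocserv/config-per-group/
# DNS domain advertised to clients.
default-domain = {{ domain }}
# Address pool leased to clients.
# NOTE(review): no ipv4-netmask is given, so vpn.network is assumed to render
# in CIDR form -- confirm.
ipv4-network = {{ vpn.network }}
# Only the VPN subnet itself is pushed as a route (split tunnel); other client
# traffic is not routed through the VPN by this file.
route = {{ vpn.network }}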