authorChristian Poessinger <christian@poessinger.com>2022-04-09 13:42:17 +0200
committerGitHub <noreply@github.com>2022-04-09 13:42:17 +0200
commit139ab816466053d73cb8a68fe4af3de39d98d306 (patch)
tree3c4d301633c2307e677b4266dfe1ca5094717b76 /data/templates/ocserv/ocserv_config.tmpl
parentf9ebccd2ef0b144617b5f4acf79d37502114d34a (diff)
parent1da9cc02d7c83898c267070618e2cc91e16eb1cf (diff)
Merge pull request #1242 from goodNETnick/ocserv_local_otp
ocserv: T4231: Added OTP support for Openconnect 2FA
Diffstat (limited to 'data/templates/ocserv/ocserv_config.tmpl')
-rw-r--r--data/templates/ocserv/ocserv_config.tmpl11
1 files changed, 10 insertions, 1 deletions
diff --git a/data/templates/ocserv/ocserv_config.tmpl b/data/templates/ocserv/ocserv_config.tmpl
index 0be805235..19045c4b4 100644
--- a/data/templates/ocserv/ocserv_config.tmpl
+++ b/data/templates/ocserv/ocserv_config.tmpl
@@ -8,6 +8,14 @@ run-as-group = daemon
{% if "radius" in authentication.mode %}
auth = "radius [config=/run/ocserv/radiusclient.conf]"
+{% elif "local" in authentication.mode %}
+{% if authentication.mode.local == "password-otp" %}
+auth = "plain[passwd=/run/ocserv/ocpasswd,otp=/run/ocserv/users.oath]"
+{% elif authentication.mode.local == "otp" %}
+auth = "plain[otp=/run/ocserv/users.oath]"
+{% else %}
+auth = "plain[/run/ocserv/ocpasswd]"
+{% endif %}
{% else %}
auth = "plain[/run/ocserv/ocpasswd]"
{% endif %}
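Review bot: The inner `{% else %}` of the new `local` branch renders password-only `auth = "plain[/run/ocserv/ocpasswd]"` for every `authentication.mode.local` value other than `password-otp` or `otp`, so a misspelt or later-added mode value would silently drop the OTP factor instead of failing. Unless the CLI schema already restricts the value (not visible in this hunk), the password-only case should be matched explicitly with an `{% elif %}` and the template should refuse to render an unknown mode. The `otp` branch renders `plain[otp=/run/ocserv/users.oath]` with no password file, which is a single factor even though the commit title advertises 2FA; a template comment such as `{# otp: the one-time code replaces the password, this mode is not two-factor #}` would make that clear. The fallback line also duplicates the outer `{% else %}` and keeps the positional form while the new lines use `passwd=`; using one spelling throughout would be easier to audit. Since `/run/ocserv/users.oath` presumably holds the OTP seeds, the code that writes it (outside this diff) should create it readable only by the ocserv user.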
@@ -42,7 +50,8 @@ rekey-method = ssl
try-mtu-discovery = true
cisco-client-compat = true
dtls-legacy = true
-
+max-ban-score = 80
+ban-reset-time = 300
# The name to use for the tun device
device = sslvpn
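Review bot: `max-ban-score = 80` and `ban-reset-time = 300` are added as hard-coded values with no comment and no configuration knob, although they are now the limit on guessing short one-time codes. I would document them in the template, for example `# Ban a client IP once its score reaches 80; accumulated scores are reset after 300 seconds`, and state how many failed logins that allows, which depends on ocserv's per-event point values that the visible part of this template leaves at their defaults. Whether 300 seconds is long enough for the OTP modes deserves an explicit decision, and exposing both values as CLI options would let operators tighten them. The hunk also removes the blank line before `# The name to use for the tun device`, so the new settings now sit directly against an unrelated comment; keeping the separator would read better.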