Diffstat (limited to 'data/templates/ocserv/ocserv_config.j2')
-rw-r--r--data/templates/ocserv/ocserv_config.j220
1 files changed, 19 insertions, 1 deletions
diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2
index e0cad5181..3194354e6 100644
--- a/data/templates/ocserv/ocserv_config.j2
+++ b/data/templates/ocserv/ocserv_config.j2
@@ -1,5 +1,9 @@
### generated by vpn_openconnect.py ###
+{% if listen_address is vyos_defined %}
+listen-host = {{ listen_address }}
+{% endif %}
+
tcp-port = {{ listen_ports.tcp }}
udp-port = {{ listen_ports.udp }}
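Review bot: When `listen_address` is unset the template renders no `listen-host` line, so ocserv keeps its default of accepting connections on every local address, and nothing in the generated file says so. I would make the exposure visible with an `{% else %}` branch that emits a comment such as `# listen-host not set: listening on all addresses`. The value is also written verbatim, so if the CLI node can hold more than one address (not visible in this hunk) the line would render a list rather than a single host.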
@@ -7,7 +11,7 @@ run-as-user = nobody
run-as-group = daemon
{% if "radius" in authentication.mode %}
-auth = "radius [config=/run/ocserv/radiusclient.conf]"
+auth = "radius [config=/run/ocserv/radiusclient.conf{{ ',groupconfig=true' if authentication.radius.groupconfig is vyos_defined else '' }}]"
{% elif "local" in authentication.mode %}
{% if authentication.mode.local == "password-otp" %}
auth = "plain[passwd=/run/ocserv/ocpasswd,otp=/run/ocserv/users.oath]"
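Review bot: The `groupconfig=true` suffix on the radius `auth` line changes where per-user and per-group settings come from, and the rendered file gives no hint of it. As far as I know from the ocserv documentation, those settings are then read from RADIUS and any config-per-user/config-per-group files are overridden. A config comment emitted next to the line would help, e.g. `# groupconfig=true: per-user/group settings are taken from RADIUS replies`. The inline conditional inside the quoted string is also hard to scan; computing the suffix with a `{% set %}` on the line before would read better. The surrounding if/elif chain continues outside the hunk.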
@@ -62,6 +66,13 @@ device = sslvpn
dns = {{ dns }}
{% endfor %}
{% endif %}
+{% if network_settings.tunnel_all_dns is vyos_defined %}
+{% if "yes" in network_settings.tunnel_all_dns %}
+tunnel-all-dns = true
+{% else %}
+tunnel-all-dns = false
+{% endif %}
+{% endif %}
# IPv4 network pool
{% if network_settings.client_ip_settings.subnet is vyos_defined %}
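Review bot: `"yes" in network_settings.tunnel_all_dns` is a containment test, so if the value is a plain string any value containing "yes" enables the option. The file already uses equality for `authentication.mode.local`, and `{% if network_settings.tunnel_all_dns == "yes" %}` would state the intent exactly. Every other value, including a typo, silently renders `tunnel-all-dns = false`, which presumably lets client DNS queries leave the tunnel. If the CLI definition (not visible here) does not restrict the values, the else branch should match `"no"` explicitly.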
@@ -85,3 +96,10 @@ route = {{ route }}
split-dns = {{ tmp }}
{% endfor %}
{% endif %}
+
+{% if authentication.group is vyos_defined %}
+# Group settings
+{% for grp in authentication.group %}
+select-group = {{ grp }}
+{% endfor %}
+{% endif %}
\ No newline at end of file
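Review bot: `select-group = {{ grp }}` writes each group name verbatim, and ocserv gives brackets a meaning on this line (`select-group = name[label]`). A name containing `[`, `]` or whitespace would therefore be parsed differently from how it was configured. Whether vpn_openconnect.py or the CLI constraint limits the character set is not visible in this hunk; if it does not, the name should be validated before rendering. The new last line also lacks a trailing newline, which is worth adding so later appends to the template do not join onto `{% endif %}`.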