authorgoodNETnick <pknet@ya.ru>2022-02-07 02:04:28 -0500
committergoodNETnick <pknet@ya.ru>2022-03-16 01:46:26 -0400
commitb776003cf55e1035ac83186e44f72764e52e9e0d (patch)
tree65ce5c16f46ab2471a3345b289b8cac90edded6a /data/templates/ocserv/ocserv_config.tmpl
parent0a0d4abc02da89f68d453495ec002d2afecfca7b (diff)
ocserv: T4231: Added OTP support for Openconnect 2FA
Diffstat (limited to 'data/templates/ocserv/ocserv_config.tmpl')
-rw-r--r--data/templates/ocserv/ocserv_config.tmpl11
1 files changed, 10 insertions, 1 deletions
diff --git a/data/templates/ocserv/ocserv_config.tmpl b/data/templates/ocserv/ocserv_config.tmpl
index 0be805235..19045c4b4 100644
--- a/data/templates/ocserv/ocserv_config.tmpl
+++ b/data/templates/ocserv/ocserv_config.tmpl
@@ -8,6 +8,14 @@ run-as-group = daemon
{% if "radius" in authentication.mode %}
auth = "radius [config=/run/ocserv/radiusclient.conf]"
+{% elif "local" in authentication.mode %}
+{% if authentication.mode.local == "password-otp" %}
+auth = "plain[passwd=/run/ocserv/ocpasswd,otp=/run/ocserv/users.oath]"
+{% elif authentication.mode.local == "otp" %}
+auth = "plain[otp=/run/ocserv/users.oath]"
+{% else %}
+auth = "plain[/run/ocserv/ocpasswd]"
+{% endif %}
{% else %}
auth = "plain[/run/ocserv/ocpasswd]"
{% endif %}
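Review bot: The inner `{% else %}` renders password-only `auth = "plain[/run/ocserv/ocpasswd]"` for every value of `authentication.mode.local` other than the two compared, so a misspelled or future value silently drops the OTP factor instead of failing. Matching the password-only value explicitly, and leaving the unmatched case to produce no `auth` line, would make that mistake visible at service start rather than weakening authentication. The `otp` branch configures a one-time code as the only factor, which the "2FA" title does not suggest; a template comment such as `{# "otp" alone is single-factor; "password-otp" is the 2FA mode #}` would make that clear. `/run/ocserv/users.oath` presumably holds the OTP seeds and is written outside this hunk, so its owner and mode should be checked where it is generated.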
@@ -42,7 +50,8 @@ rekey-method = ssl
try-mtu-discovery = true
cisco-client-compat = true
dtls-legacy = true
-
+max-ban-score = 80
+ban-reset-time = 300
# The name to use for the tun device
device = sslvpn
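Review bot: The new `max-ban-score = 80` and `ban-reset-time = 300` are hard-coded with no comment, and they are the only throttle on guessing passwords or OTP codes against the `plain` backend. How many failed attempts 80 points allows per 300-second window depends on the per-failure ban points, which this template does not appear to set, so the effective limit should be worked out and stated. I would add a comment above them, for example `# Lock a client out for ban-reset-time seconds once its score reaches max-ban-score`, and keep the blank line the hunk removed so the settings do not run into the `device` comment. If operators are expected to tune the lockout, these values would be better taken from the configuration than fixed in the template.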