diff options
| author | Christian Poessinger <christian@poessinger.com> | 2022-05-01 20:42:45 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2022-05-01 20:42:45 +0200 |
| commit | 01bdf2dfdb09bf9dd7ca4e7b49def302b2cd7c29 (patch) | |
| tree | a27b8384d224819dc93ada5ede8c92c3aaee1e75 /data/templates/ocserv/ocserv_config.tmpl | |
| parent | 780d4fe16cd8471ca4fd27ba43fea998ef0240f0 (diff) | |
| download | vyos-1x-01bdf2dfdb09bf9dd7ca4e7b49def302b2cd7c29.tar.gz vyos-1x-01bdf2dfdb09bf9dd7ca4e7b49def302b2cd7c29.zip | |
openconnect: T4353: fix Jinja2 linting errors
Diffstat (limited to 'data/templates/ocserv/ocserv_config.tmpl')
| -rw-r--r-- | data/templates/ocserv/ocserv_config.tmpl | 91 |
1 files changed, 0 insertions, 91 deletions
diff --git a/data/templates/ocserv/ocserv_config.tmpl b/data/templates/ocserv/ocserv_config.tmpl deleted file mode 100644 index 05b85a610..000000000 --- a/data/templates/ocserv/ocserv_config.tmpl +++ /dev/null @@ -1,91 +0,0 @@ -### generated by vpn_openconnect.py ### - -tcp-port = {{ listen_ports.tcp }} -udp-port = {{ listen_ports.udp }} - -run-as-user = nobody -run-as-group = daemon - -{% if "radius" in authentication.mode %} -auth = "radius [config=/run/ocserv/radiusclient.conf]" -{% elif "local" in authentication.mode %} -{% if authentication.mode.local == "password-otp" %} -auth = "plain[passwd=/run/ocserv/ocpasswd,otp=/run/ocserv/users.oath]" -{% elif authentication.mode.local == "otp" %} -auth = "plain[otp=/run/ocserv/users.oath]" -{% else %} -auth = "plain[/run/ocserv/ocpasswd]" -{% endif %} -{% else %} -auth = "plain[/run/ocserv/ocpasswd]" -{% endif %} - -{% if ssl.certificate is vyos_defined %} -server-cert = /run/ocserv/cert.pem -server-key = /run/ocserv/cert.key -{% if ssl.passphrase is vyos_defined %} -key-pin = {{ ssl.passphrase }} -{% endif %} -{% endif %} - -{% if ssl.ca_certificate is vyos_defined %} -ca-cert = /run/ocserv/ca.pem -{% endif %} - -socket-file = /run/ocserv/ocserv.socket -occtl-socket-file = /run/ocserv/occtl.socket -use-occtl = true -isolate-workers = true -keepalive = 300 -dpd = 60 -mobile-dpd = 300 -switch-to-tcp-timeout = 30 -tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128" -auth-timeout = 240 -idle-timeout = 1200 -mobile-idle-timeout = 1800 -min-reauth-time = 3 -cookie-timeout = 300 -rekey-method = ssl -try-mtu-discovery = true -cisco-client-compat = true -dtls-legacy = true -max-ban-score = 80 -ban-reset-time = 300 - -# The name to use for the tun device -device = sslvpn - -# An alternative way of specifying the network: -{% if network_settings %} -# DNS settings -{% if network_settings.name_server is string %} -dns = {{ network_settings.name_server }} -{% else %} -{% for dns in network_settings.name_server %} -dns = {{ dns }} -{% endfor %} -{% endif %} -# IPv4 network pool -{% if network_settings.client_ip_settings %} -{% if network_settings.client_ip_settings.subnet %} -ipv4-network = {{ network_settings.client_ip_settings.subnet }} -{% endif %} -{% endif %} -# IPv6 network pool -{% if network_settings.client_ipv6_pool %} -{% if network_settings.client_ipv6_pool.prefix %} -ipv6-network = {{ network_settings.client_ipv6_pool.prefix }} -ipv6-subnet-prefix = {{ network_settings.client_ipv6_pool.mask }} -{% endif %} -{% endif %} -{% endif %} - -{% if network_settings.push_route is string %} -route = {{ network_settings.push_route }} -{% else %} -{% for route in network_settings.push_route %} -route = {{ route }} -{% endfor %} -{% endif %} - |