SSL VPN OpenConnect, AnyConnect compatible server
901

Authentication for remote access SSL VPN Server

  Authentication mode used by this server

    Use local username/password configuration (OTP supported)
      password: Password-only local authentication
      otp: OTP-only local authentication
      password-otp: Password (first) + OTP local authentication
      (password|otp|password-otp)
      Invalid authentication mode. Must be one of: password, otp or password-otp
      otp password password-otp

    Use RADIUS server for user authentication

  Group that a client is allowed to select (from a list). Maps to RADIUS Class attribute.
    txt: Group string. The group may be followed by a user-friendly name in brackets: group1[First Group]

  #include

  2FA OTP authentication parameters

    Token Key Secret key for the token algorithm (see RFC 4226)
      txt: OTP key in hex-encoded format
      [a-fA-F0-9]{20,10000}
      Key name must only include hex characters and be at least 20 characters long

    Number of digits in OTP code
      u32:6-8: Number of digits in OTP code
      Number of digits in OTP code must be between 6 and 8
      6

    Time tokens interval in seconds
      u32:5-86400: Time tokens interval in seconds.
      Time token interval must be between 5 and 86400 seconds
      30

    Token type
      hotp-time: Time-based OTP algorithm
      hotp-event: Event-based OTP algorithm
      (hotp-time|hotp-event)
      hotp-time hotp-event
      hotp-time

  #include

  Session timeout
    u32:1-240: Session timeout in seconds (default: 2)
    Timeout must be between 1 and 240 seconds
    2

  If the groupconfig option is set, then config-per-user will be overridden, and all configuration will be read from radius.

#include
0.0.0.0

Specify custom ports to use for client connections

  tcp port number to accept connections
    u32:1-65535: Numeric IP port
    443

  udp port number to accept connections
    u32:1-65535: Numeric IP port
    443

SSL Certificate, SSL Key and CA
  #include
  #include

Network settings

  Route to be pushed to the client
    ipv4net: IPv4 network and prefix length
    ipv6net: IPv6 network and prefix length

  Client IP pools settings

    Client IP subnet (CIDR notation)
      ipv4net: IPv4 address and prefix length
      Not a valid CIDR formatted prefix

  Pool of client IPv6 addresses

    Pool of addresses used to assign to clients
      ipv6net: IPv6 address and prefix length

    Prefix length used for individual client
      u32:48-128: Client prefix length
      64

  #include

  Domains over which the provided DNS should be used
    txt: Client prefix length

  If the tunnel-all-dns option is set to yes, tunnel all DNS queries via the VPN. This is the default when a default route is set.
    yes no
    yes: Enable tunneling of all DNS traffic
    no: Disable tunneling of all DNS traffic
    (yes|no)
    no