SSL VPN OpenConnect, AnyConnect compatible server (priority 901)

Accounting for users
  OpenConnect VPN Sessions Accounting
    Accounting mode used by this server
      Use RADIUS server for accounting

Authentication for remote access SSL VPN Server
  Authentication mode used by this server
    Use local username/password configuration (OTP supported)
      Values: password | otp | password-otp
        password      Password-only local authentication
        otp           OTP-only local authentication
        password-otp  Password (first) + OTP local authentication
      Constraint error: Invalid authentication mode. Must be one of: password, otp or password-otp
    Use RADIUS server for user authentication
  Include configuration file by username or RADIUS group attribute
    Select per user or per group configuration file - ignored if authentication group is configured
      Values: user | group
        user   Match configuration file on username
        group  Match RADIUS response class attribute as file name
      Constraint error: Invalid mode, must be either user or group
      Default: user
    Directory containing configuration files
      path  Path to configuration directory, must be under /config/auth
    Default configuration if discrete config could not be found
      filename  Default configuration filename, must be under /config/auth
  Group that a client is allowed to select (from a list). Maps to RADIUS Class attribute.
    txt  Group string. The group may be followed by a user-friendly name in brackets: group1[First Group]
  2FA OTP authentication parameters
    Token Key
      Secret key for the token algorithm (see RFC 4226)
        txt  OTP key in hex-encoded format
        Constraint: [a-fA-F0-9]{20,10000}
        Constraint error: Key name must only include hex characters and be at least 20 characters long
      Number of digits in OTP code
        u32:6-8  Number of digits in OTP code
        Constraint error: Number of digits in OTP code must be between 6 and 8
        Default: 6
      Time tokens interval in seconds
        u32:5-86400  Time tokens interval in seconds
        Constraint error: Time token interval must be between 5 and 86400 seconds
        Default: 30
      Token type
        Values: hotp-time | hotp-event
          hotp-time   Time-based OTP algorithm
          hotp-event  Event-based OTP algorithm
        Default: hotp-time
  If the groupconfig option is set, then config-per-user will be overridden, and all configuration will be read from RADIUS.

Shared definition included here (default 0.0.0.0)

Specify custom ports to use for client connections
  tcp port number to accept connections
    u32:1-65535  Numeric IP port
    Default: 443
  udp port number to accept connections
    u32:1-65535  Numeric IP port
    Default: 443

Enable HTTP security headers

SSL Certificate, SSL Key and CA

Network settings
  Route to be pushed to the client
    ipv4net  IPv4 network and prefix length
    ipv6net  IPv6 network and prefix length
  Client IP pools settings
    Client IP subnet (CIDR notation)
      ipv4net  IPv4 address and prefix length
      Constraint error: Not a valid CIDR formatted prefix
    Pool of client IPv6 addresses
      Pool of addresses used to assign to clients
        ipv6net  IPv6 address and prefix length
      Prefix length used for individual client
        u32:48-128  Client prefix length
        Default: 64
  Domains over which the provided DNS should be used
    txt  Client prefix length
  If the tunnel-all-dns option is set to yes, tunnel all DNS queries via the VPN. This is the default when a default route is set.
    Values: yes | no
      yes  Enable tunneling of all DNS traffic
      no   Disable tunneling of all DNS traffic
    Default: no