@bao3
Last active September 21, 2017 02:59
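A profile.xml for ocserv that the Cisco client reads automatically. This configuration file has two server addresses (VPN Server and Full VPN Server): the former runs in split-routing mode, and the latter is a full-tunnel mode, with all traffic going through the VPN, on a different port of the same server. You can build on this by adding options such as automatic reconnect after sleep, but remember: once you get this file wrong, the server will stop recognizing the certificate or the client will simply refuse to let you connect. As for how to recover... I'm shamefully slinking away.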
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
  <ClientInitialization>
    <UseStartBeforeLogon UserControllable="false">false</UseStartBeforeLogon>
    <!-- false lets the user accept a server certificate the client cannot verify; true makes the client refuse it -->
    <StrictCertificateTrust>false</StrictCertificateTrust>
    <RestrictPreferenceCaching>false</RestrictPreferenceCaching>
    <RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols>
    <BypassDownloader>true</BypassDownloader>
    <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
    <CertEnrollmentPin>pinAllowed</CertEnrollmentPin>
    <CertificateMatch>
      <KeyUsage>
        <MatchKey>Digital_Signature</MatchKey>
      </KeyUsage>
      <ExtendedKeyUsage>
        <ExtendedMatchKey>ClientAuth</ExtendedMatchKey>
      </ExtendedKeyUsage>
    </CertificateMatch>
    <BackupServerList>
      <HostAddress>localhost</HostAddress>
    </BackupServerList>
    <!--
    The section below is for people who have several VPN URLs; this setting automatically selects the server with the lower latency.
    In the example below, once a VPN has been interrupted for 4 hours the detection mechanism starts and picks, among the servers, the one whose latency is 20% lower.
    <EnableAutomaticServerSelection UserControllable="true">false
    <AutoServerSelectionImprovement>20</AutoServerSelectionImprovement>
    <AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime>
    </EnableAutomaticServerSelection>
    -->
  </ClientInitialization>
  <ServerList>
    <!-- one HostEntry per server: each entry carries a single HostName and HostAddress -->
    <HostEntry>
      <HostName>VPN Server</HostName>
      <HostAddress>anyconnect.abc.org</HostAddress>
    </HostEntry>
    <HostEntry>
      <HostName>FULL VPN Server</HostName>
      <HostAddress>anyconnect.abc.org:4430</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
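
A pre-deployment check for the warning above that a mistaken edit to this file breaks certificate acceptance or the connection itself. This is an added example, not part of the gist or of ocserv; the host names are constructed, and the rule of one HostName and one HostAddress per HostEntry is an assumption about the AnyConnect profile layout.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.xmlsoap.org/encoding/}"  # namespace declared by the profile above

def check_profile(xml_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != NS + "AnyConnectProfile":
        return [f"unexpected root element: {root.tag}"]
    findings = []
    entries = root.findall(f"{NS}ServerList/{NS}HostEntry")
    if not entries:
        findings.append("ServerList has no HostEntry")
    # Assumption: each HostEntry describes one server, so one name and one address.
    for i, entry in enumerate(entries, 1):
        for child in ("HostName", "HostAddress"):
            count = len(entry.findall(NS + child))
            if count != 1:
                findings.append(f"HostEntry #{i}: expected 1 {child}, found {count}")
    strict = root.findtext(f"{NS}ClientInitialization/{NS}StrictCertificateTrust")
    if (strict or "").strip().lower() != "true":
        findings.append("StrictCertificateTrust is not true: "
                        "users can accept a server certificate the client cannot verify")
    return findings

def sample(host_entries, strict="true"):
    """Build a constructed minimal profile around the given ServerList content."""
    return ('<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">'
            "<ClientInitialization><StrictCertificateTrust>" + strict +
            "</StrictCertificateTrust></ClientInitialization>"
            "<ServerList>" + host_entries + "</ServerList></AnyConnectProfile>")

# Constructed sample data; vpn.example.test is a placeholder host.
SPLIT = "<HostName>VPN</HostName><HostAddress>vpn.example.test</HostAddress>"
FULL = "<HostName>Full VPN</HostName><HostAddress>vpn.example.test:4430</HostAddress>"
GOOD = f"<HostEntry>{SPLIT}</HostEntry><HostEntry>{FULL}</HostEntry>"
BAD = f"<HostEntry>{SPLIT}{FULL}</HostEntry>"  # two servers merged into one entry

if __name__ == "__main__":
    for label, text in (("good", sample(GOOD)), ("merged", sample(BAD)),
                        ("lax trust", sample(GOOD, "false")), ("truncated", "<AnyConnectProfile>")):
        print(label, check_profile(text) or "no findings")
```
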
bob0627 commented Oct 4, 2015

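Uh, I've always been curious how to run two ocserv processes on the same server, one with split routing and one as a global proxy.
Does the OP know how this should be configured?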

@younglinuxer
docker
