-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathserver-sample.toml
110 lines (91 loc) · 2.99 KB
/
server-sample.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
# Sample configuration information
# Other configuration files, you can use absolute paths
# or relative to the path to the anylink binary
# Database
db_type = "sqlite3"
db_source = "/var/lib/anylink/anylink.db"
# Certificate file
cert_file = "/etc/anylink/vpn_cert.pem"
cert_key = "/etc/anylink/vpn_cert.key"
files_path = "/var/lib/anylink/files"
profile = "/etc/anylink/profile.xml"
# Profile name (Configuration used to distinguish different servers)
# Client storage location
# Windows 10: %ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
# Mac OS X: /opt/cisco/anyconnect/profile
# Linux: /opt/cisco/anyconnect/profile
profile_name = "anylink"
# Log directory, default is empty and writes to standard output
log_path = "/var/log"
log_level = "debug"
pprof = true
# System name
issuer = "XXX company VPN"
# Admin users
admin_user = "admin"
# Admin password: 123456
admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke"
# Leave it blank to disable OTP.
# After OTP is enabled, the password is password+6-digit OTP.
# Generate OTP: ./anylink tool -o
admin_otp = ""
# Generate JWT: ./anylink tool -s
jwt_secret = "abcdef.0123456789.abcdef"
# Service listening address
server_addr = ":443"
# Turn on DTLS
server_dtls = false
# UDP listening address (any port)
server_dtls_addr = ":443"
# Admin service listening address
admin_addr = ":8800"
# Enable tcp proxy protocol
proxy_protocol = false
link_mode = "tun"
# IP address pool assigned by the client
# The docker environment generally defaults to eth0. In other cases, fill in the information based on the actual network card information.
ipv4_master = "eth0"
ipv4_cidr = "192.168.90.0/24"
ipv4_gateway = "192.168.90.1"
ipv4_start = "192.168.90.100"
ipv4_end = "192.168.90.200"
# Maximum number of clients
max_client = 200
# Number of simultaneous online users for a single user
max_user_client = 3
# IP lease period (seconds)
ip_lease = 86400
# Default selected group
default_group = "one"
# Client failure detection time (seconds) dpd > keepalive
cstp_keepalive = 3
cstp_dpd = 20
mobile_keepalive = 4
mobile_dpd = 60
# Modify according to actual situation
#cstp_keepalive = 20
#cstp_dpd = 30
#mobile_keepalive = 40
#mobile_dpd = 60
# Set maximum transmission unit
mtu = 1460
# Default search domain for client dns
default_domain = "example.com"
#default_domain = "example.com abc.example.com"
# Idle link timeout (seconds) - disconnect the link after timeout, 0 turns off this function
idle_timeout = 0
# Session expiration time, used for disconnection and reconnection, 0 will never expire
session_timeout = 3600
#auth_timeout = 0
audit_interval = 600
show_sql = false
# Whether to automatically add NAT
iptables_nat = true
# Enable compression
compression = false
# Below and equal to how many bytes are not compressed
no_compress_limit = 256
# Client displays detailed error information (be careful to enable online environment)
display_error = false
#Exclude export ip routing (export ip is not encrypted for transmission)
exclude_export_ip = true