ocserv服务器配置实例

### ocserv.conf

```bash
[root@localhost ~]# cat  /etc/ocserv/ocserv.conf | grep -v "^[[:space:]].*#" | grep -v "^#" | grep -v "^$" | grep -v "route"
auth = "plain[passwd=/etc/ocserv/ocpasswd]"
enable-auth = "certificate"
tcp-port = 443
run-as-user = ocserv
run-as-group = nobody
socket-file = ocserv.sock
chroot-dir = /var/lib/ocserv
isolate-workers = false
max-clients = 2048
max-same-clients = 2
keepalive = 32400
dpd = 30
mobile-dpd = 90
switch-to-tcp-timeout = 25
try-mtu-discovery = true
#可信证书申请apache类型ssl证书
server-cert = /etc/ocserv/6101359__localnetwork.cn_public.crt
server-key = /etc/ocserv/6101359__localnetwork.cn.key
ca-cert = /etc/ocserv/Apache/6101359__localnetwork.cn_chain.crt
cert-user-oid = 0.9.2342.19200300.100.1.1
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"
auth-timeout = 240
session-timeout = 14400
min-reauth-time = 1200
max-ban-score = 0
ban-reset-time = 1200
cookie-timeout = 86400
persistent-cookies = true
deny-roaming = false
rekey-time = 172800
rekey-method = ssl
use-occtl = true
pid-file = /var/run/ocserv.pid
device = vpns
predictable-ips = true
default-domain = example.com
ipv4-network = 10.200.0.0
ipv4-netmask = 255.255.255.0
ipv4-network = 10.200.0.0/16
dns = 114.114.114.114
dns = 8.8.8.8
ping-leases = false
cisco-client-compat = true
dtls-legacy = true
user-profile = profile.xml

route = 192.168.0.0/255.255.0.0
route = 192.168.1.123/255.255.255.255
route = 172.16.0.0/255.255.0.0
route = 172.18.1.0/255.255.255.0
route = 10.0.0.0/255.0.0.0
```