mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-12-26 01:59:53 +03:00
Reworking the EAP CN matching option from admin options to extended options
This commit is contained in:
parent
0a60cdf141
commit
26403c70e3
@ -45,7 +45,6 @@ static bool g_vgs_emb_tag = false;
|
||||
ADMIN_OPTION admin_options[] =
|
||||
{
|
||||
{"allow_hub_admin_change_option", 0},
|
||||
{"allow_eap_tls_match_user_by_cert", 0},
|
||||
{"max_users", 0},
|
||||
{"max_multilogins_per_user", 0},
|
||||
{"max_groups", 0},
|
||||
@ -617,6 +616,7 @@ void DataToHubOptionStruct(HUB_OPTION *o, RPC_ADMIN_OPTION *ao)
|
||||
GetHubAdminOptionDataAndSet(ao, "NoPhysicalIPOnPacketLog", o->NoPhysicalIPOnPacketLog);
|
||||
GetHubAdminOptionDataAndSet(ao, "UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption);
|
||||
GetHubAdminOptionDataAndSet(ao, "UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId);
|
||||
GetHubAdminOptionDataAndSet(ao, "AllowEapMatchUserByCert", o->AllowEapMatchUserByCert);
|
||||
}
|
||||
|
||||
// Convert the contents of the HUB_OPTION to data
|
||||
@ -691,6 +691,7 @@ void HubOptionStructToData(RPC_ADMIN_OPTION *ao, HUB_OPTION *o, char *hub_name)
|
||||
Add(aol, NewAdminOption("NoPhysicalIPOnPacketLog", o->NoPhysicalIPOnPacketLog));
|
||||
Add(aol, NewAdminOption("UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption));
|
||||
Add(aol, NewAdminOption("UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId));
|
||||
Add(aol, NewAdminOption("AllowEapMatchUserByCert", o->AllowEapMatchUserByCert));
|
||||
|
||||
Zero(ao, sizeof(RPC_ADMIN_OPTION));
|
||||
|
||||
|
@ -182,6 +182,7 @@ struct HUB_OPTION
|
||||
bool NoPhysicalIPOnPacketLog; // Disable saving physical IP address on the packet log
|
||||
bool UseHubNameAsDhcpUserClassOption; // Add HubName to DHCP request as User-Class option
|
||||
bool UseHubNameAsRadiusNasId; // Add HubName to Radius request as NAS-Identifier attrioption
|
||||
bool AllowEapMatchUserByCert; // Allow matching EAP Identity with user certificate CNs
|
||||
};
|
||||
|
||||
// MAC table entry
|
||||
|
@ -1295,7 +1295,7 @@ bool PPPProcessEAPResponsePacket(PPP_SESSION *p, PPP_PACKET *pp, PPP_PACKET *req
|
||||
AcLock(hub);
|
||||
{
|
||||
USER *user = AcGetUser(hub, p->Eap_Identity.UserName);
|
||||
if (user == NULL && GetHubAdminOption(hub, "allow_eap_tls_match_user_by_cert") == true)
|
||||
if (user == NULL && hub->Option->AllowEapMatchUserByCert == true)
|
||||
{
|
||||
user = AcGetUserByCert(hub, p->Eap_Identity.UserName);
|
||||
if (user != NULL)
|
||||
|
@ -3932,6 +3932,7 @@ void SiLoadHubOptionCfg(FOLDER *f, HUB_OPTION *o)
|
||||
o->NoPhysicalIPOnPacketLog = CfgGetBool(f, "NoPhysicalIPOnPacketLog");
|
||||
o->UseHubNameAsDhcpUserClassOption = CfgGetBool(f, "UseHubNameAsDhcpUserClassOption");
|
||||
o->UseHubNameAsRadiusNasId = CfgGetBool(f, "UseHubNameAsRadiusNasId");
|
||||
o->AllowEapMatchUserByCert = CfgGetBool(f, "AllowEapMatchUserByCert");
|
||||
|
||||
// Enabled by default
|
||||
if (CfgIsItem(f, "ManageOnlyPrivateIP"))
|
||||
@ -4037,6 +4038,7 @@ void SiWriteHubOptionCfg(FOLDER *f, HUB_OPTION *o)
|
||||
CfgAddBool(f, "DisableCorrectIpOffloadChecksum", o->DisableCorrectIpOffloadChecksum);
|
||||
CfgAddBool(f, "UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption);
|
||||
CfgAddBool(f, "UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId);
|
||||
CfgAddBool(f, "AllowEapMatchUserByCert", o->AllowEapMatchUserByCert);
|
||||
}
|
||||
|
||||
// Write the user
|
||||
@ -7521,6 +7523,7 @@ void SiCalledUpdateHub(SERVER *s, PACK *p)
|
||||
o.DisableCorrectIpOffloadChecksum = PackGetBool(p, "DisableCorrectIpOffloadChecksum");
|
||||
o.UseHubNameAsDhcpUserClassOption = PackGetBool(p, "UseHubNameAsDhcpUserClassOption");
|
||||
o.UseHubNameAsRadiusNasId = PackGetBool(p, "UseHubNameAsRadiusNasId");
|
||||
o.AllowEapMatchUserByCert = PackGetBool(p, "AllowEapMatchUserByCert");
|
||||
|
||||
save_packet_log = PackGetInt(p, "SavePacketLog");
|
||||
packet_log_switch_type = PackGetInt(p, "PacketLogSwitchType");
|
||||
@ -9355,6 +9358,7 @@ void SiPackAddCreateHub(PACK *p, HUB *h)
|
||||
PackAddData(p, "SecurePassword", h->SecurePassword, SHA1_SIZE);
|
||||
PackAddBool(p, "UseHubNameAsDhcpUserClassOption", h->Option->UseHubNameAsDhcpUserClassOption);
|
||||
PackAddBool(p, "UseHubNameAsRadiusNasId", h->Option->UseHubNameAsRadiusNasId);
|
||||
PackAddBool(p, "AllowEapMatchUserByCert", h->Option->AllowEapMatchUserByCert);
|
||||
|
||||
SiAccessListToPack(p, h->AccessList);
|
||||
|
||||
|
@ -469,7 +469,6 @@ NATT_MSG ** 使用 NAT 穿透 (UDP 打洞) - 它可能是不稳定的 **\r\n
|
||||
HUB_AO_CLICK 选择一个项目,查看这里的描述。
|
||||
HUB_AO_UNKNOWN 该项目的描述没有被发现。请参阅文件,或从该项目的名称推测项目的意思和目的。
|
||||
HUB_AO_allow_hub_admin_change_option 这是一个特殊项目。如果你启用(设置为1)这个选项,那么不但 VPN Server 的全球管理员,而且虚拟 HUB 的管理员,都将被他自己准予修改虚拟 HUB 管理选项。
|
||||
HUB_AO_allow_eap_tls_match_user_by_cert If you enable (set to 1) this option, the Virtual Hub will attempt to match the EAP Identity not only with usernames, but also with user certificate CNs during the PPP EAP authentication flow.
|
||||
HUB_AO_deny_hub_admin_change_ext_option 如果你启用(设置为1)这个选项,虚拟 HUB 的管理员将被禁止修改在虚拟 HUB 扩展选项上的任何值,那么只有 VPN Server 的全球管理员可以对其进行修改。
|
||||
HUB_AO_no_delay_jitter_packet_loss 如果您将此选项设置为非零值,在访问列表条目中的延迟、时基误差和数据包丢失的所有参数将被忽略,即使这些参数是在管理员添加新的访问列表条目时设置的。因此,延迟、时基误差和数据包丢失的生成函数实际中将被禁用。由于延迟生成函数有时会让 CPU 和 RAM 产生高负载量,由多个用户共享的一个虚拟 HUB 上应该启用此选项。
|
||||
HUB_AO_max_users 如果您将此选项设置为非零值,在虚拟 HUB 上用户对象注册的最大数量将被限制在这个值,那么用户对象的数量如果大于这个值则不能被添加。
|
||||
@ -571,6 +570,7 @@ HUB_AO_DetectDormantSessionInterval If you set this option to non-zero value,
|
||||
HUB_AO_NoPhysicalIPOnPacketLog If you set this option to non-zero value, then the physical IP addresses of VPN clients of either the source VPN session or the destination VPN session will not be recorded on the packet log file.
|
||||
HUB_AO_UseHubNameAsDhcpUserClassOption If you set this option to non-zero value, then the Virtual Hub Name will be added to a DHCP request to an external DHCP server as the "User-Class" option. This allows to use separate pools of IP addresses for each Virtual Hub. (For only L2TP/IPsec and OpenVPN sessions.)
|
||||
HUB_AO_UseHubNameAsRadiusNasId If you set this option to non-zero value, then the NAS-Identifier RADIUS attribute will be set to a name of the Virtual Hub. This allows to determine on RADIUS server whether access to the Virtual Hub should be granted or denied.
|
||||
HUB_AO_AllowEapMatchUserByCert If you enable (set to 1) this option, the Virtual Hub will attempt to match the EAP Identity not only with usernames, but also with user certificate CNs during the PPP EAP authentication flow.
|
||||
|
||||
|
||||
|
||||
|
@ -465,7 +465,6 @@ NATT_MSG ** Connected with NAT traversal - might be unstable **\r\n\r\nThis V
|
||||
HUB_AO_CLICK Select an item to view the description here.
|
||||
HUB_AO_UNKNOWN The description of the item was not found. Refer to the documents, or speculate the meaning and purpose of the item from the name of the item.
|
||||
HUB_AO_allow_hub_admin_change_option This is a special item. If you are enable (set to 1) this option, then not only the VPN Server's global administrator but also the Virtual Hub's administrator will be granted to modify the Virtual Hub Admin Options by himself.
|
||||
HUB_AO_allow_eap_tls_match_user_by_cert If you enable (set to 1) this option, the Virtual Hub will attempt to match the EAP Identity not only with usernames, but also with user certificate CNs during the PPP EAP authentication flow.
|
||||
HUB_AO_deny_hub_admin_change_ext_option If you are enable (set to 1) this option, the Virtual Hub's administrator will be forbidden to modify any values on the Virtual Hub Extended Options, then only the VPN Server's global administrator can modify them.
|
||||
HUB_AO_no_delay_jitter_packet_loss If you set this option to non-zero value, then all parameters of delay, jitter and packet-loss on the access-list entry will be ignored even if these parameters are set when the administrator adds a new access list entry. Therefore, delay, jitter and packet-loss generating function will be virtually disabled. Because of the delay generating function sometimes make a high volume of load on the CPU and RAM, a Virtual Hub which is shared by several users should have this option enabled.
|
||||
HUB_AO_max_users If you set this option to non-zero value, the maximum number of user objects registered on the Virtual Hub will be limited to this value, then greater number of user objects than this value cannot be added.
|
||||
@ -569,6 +568,7 @@ HUB_AO_DetectDormantSessionInterval If you set this option to non-zero value,
|
||||
HUB_AO_NoPhysicalIPOnPacketLog If you set this option to non-zero value, then the physical IP addresses of VPN clients of either the source VPN session or the destination VPN session will not be recorded on the packet log file.
|
||||
HUB_AO_UseHubNameAsDhcpUserClassOption If you set this option to non-zero value, then the Virtual Hub Name will be added to a DHCP request to an external DHCP server as the "User-Class" option. This allows to use separate pools of IP addresses for each Virtual Hub. (For only L2TP/IPsec and OpenVPN sessions.)
|
||||
HUB_AO_UseHubNameAsRadiusNasId If you set this option to non-zero value, then the NAS-Identifier RADIUS attribute will be set to a name of the Virtual Hub. This allows to determine on RADIUS server whether access to the Virtual Hub should be granted or denied.
|
||||
HUB_AO_AllowEapMatchUserByCert If you enable (set to 1) this option, the Virtual Hub will attempt to match the EAP Identity not only with usernames, but also with user certificate CNs during the PPP EAP authentication flow.
|
||||
|
||||
|
||||
# Concerning failed connection dialogs
|
||||
|
@ -487,7 +487,6 @@ NATT_MSG ** NAT Traversal 接続 - 安定性低下の可能性があります
|
||||
HUB_AO_CLICK 項目名を 1 つ選択すると、その項目名に関する説明文が表示されます。
|
||||
HUB_AO_UNKNOWN この項目に関する説明文が見つかりませんでした。ドキュメント等を参照するか、項目名をもとに意味・内容を推測して利用してください。
|
||||
HUB_AO_allow_hub_admin_change_option この項目は特殊です。この項目が 1 (有効) の場合は、VPN Server 全体の管理者だけでなく仮想 HUB の管理者も自ら仮想 HUB 管理オプションを変更することができるようになります。
|
||||
HUB_AO_allow_eap_tls_match_user_by_cert If you enable (set to 1) this option, the Virtual Hub will attempt to match the EAP Identity not only with usernames, but also with user certificate CNs during the PPP EAP authentication flow.
|
||||
HUB_AO_deny_hub_admin_change_ext_option この項目が 1 (有効) の場合は、仮想 HUB の管理者は仮想 HUB の拡張オプションの設定を変更することができなくなり、VPN Server 全体の管理者のみが仮想 HUB の拡張オプションの設定を変更することができるようになります。
|
||||
HUB_AO_no_delay_jitter_packet_loss この項目が 1 以上に設定されている場合は、仮想 HUB のアクセスリストを追加する際に遅延・ジッタ・パケットロスを生成させるためのパラメータが設定されている場合であっても、それらの値をすべて削除します。これにより、遅延・パケットロス生成機能が実質的に無効になります。遅延・パケットロス生成機能は VPN Server の CPU およびメモリ使用率を高くする可能性があるため、多くのユーザーで共有する仮想 HUB の場合は、高負荷を避けるためにこのオプションを使用してください。
|
||||
HUB_AO_max_users この項目が 1 以上に設定されている場合は、仮想 HUB に登録できるユーザーの最大数がこの項目の指定数に制限され、それ以上のユーザーオブジェクトを登録することはできなくなります。
|
||||
@ -589,6 +588,7 @@ HUB_AO_DetectDormantSessionInterval この項目が 0 以外の場合は、指
|
||||
HUB_AO_NoPhysicalIPOnPacketLog この項目が 1 (有効) の場合は、パケットログに送信元および宛先 VPN セッションの物理的な接続元 VPN クライアントの IP アドレスが記録されないようになります。
|
||||
HUB_AO_UseHubNameAsDhcpUserClassOption この項目が 1 (有効) の場合は、仮想 HUB は DHCP サーバーに対して IP アドレスの取得を要求する際に仮想 HUB 名を DHCP パケットの "User-Class" オプションに埋め込むようになります。この機能は、複数の仮想 HUB がある場合に、DHCP サーバーがそれぞれの仮想 HUB 用に IP プールを確保する場合に便利です。(L2TP/IPsec および OpenVPN セッションのみ対応。)
|
||||
HUB_AO_UseHubNameAsRadiusNasId この項目が 1 (有効) の場合は、NAS-Identifier RADIUS 属性に仮想 HUB 名が埋め込まれます。この機能は、RADIUS サーバにおいて仮想 HUB ごとにアクセスの許可 / 拒否を設定したい場合に便利です。
|
||||
HUB_AO_AllowEapMatchUserByCert If you enable (set to 1) this option, the Virtual Hub will attempt to match the EAP Identity not only with usernames, but also with user certificate CNs during the PPP EAP authentication flow.
|
||||
|
||||
|
||||
# Caps 関係
|
||||
|
@ -491,7 +491,6 @@ NATT_MSG ** NAT Traversal 연결 - 안정성 저하 가능성이 있습니다 **
|
||||
HUB_AO_CLICK 항목 이름을 선택하면 해당 항목 이름에 대한 설명이 표시됩니다.
|
||||
HUB_AO_UNKNOWN 이 항목에 대한 설명을 찾을 수 없습니다. 문서 등을 참조하거나 항목 이름을 바탕으로 의미·내용을 추측하여 사용하십시오.
|
||||
HUB_AO_allow_hub_admin_change_option 이 항목은 특별하다. 이 항목을 1 (유효)의 경우 VPN Server 전체 관리자뿐만 아니라 가상 HUB 관리자도 스스로 가상 HUB 관리 옵션을 변경 할 수 있습니다.
|
||||
HUB_AO_allow_eap_tls_match_user_by_cert If you enable (set to 1) this option, the Virtual Hub will attempt to match the EAP Identity not only with usernames, but also with user certificate CNs during the PPP EAP authentication flow.
|
||||
HUB_AO_deny_hub_admin_change_ext_option 이 항목을 1 (유효)의 경우 가상 HUB 관리자는 가상 HUB의 고급 옵션 설정을 변경할 수 없으며 VPN Server 전체 관리자 만 가상 HUB의 고급 옵션 설정을 변경 할 수 있습니다.
|
||||
HUB_AO_no_delay_jitter_packet_loss 이 항목이 1 이상으로 설정되어있는 경우 가상 HUB 액세스 목록을 추가 할 때 지연 지터 패킷 손실을 생성시키기위한 매개 변수가 설정되어있는 경우에도 그 값 를 모두 삭제합니다. 이로 인해 지연 패킷 로스 생성 기능이 실질적으로 해제됩니다. 지연 패킷 로스 생성 기능은 VPN Server의 CPU 및 메모리 사용률이 높을 수 있기 때문에 많은 사용자가 공유하는 가상 HUB의 경우 높은 부하를 피하기 위해이 옵션을 사용하십시오.
|
||||
HUB_AO_max_users 이 항목이 1 이상으로 설정되어있는 경우 가상 HUB에 등록 할 수있는 최대 사용자 수이 항목의 지정된 수에 제한되며, 그 이상의 사용자 개체를 등록 할 수 없습니다.
|
||||
@ -590,6 +589,7 @@ HUB_AO_AssignVLanIdByRadiusAttribute VLAN ID의 동적 할당 기능을 활성
|
||||
HUB_AO_SecureNAT_RandomizeAssignIp 이 항목을 1 (유효)의 경우 SecureNAT 기능의 가상 DHCP 서버는 DHCP 클라이언트에 할당 된 IP 주소를 지정된 IP 주소 풀에서 사용하지 않는 주소에서 임의로 선택하도록합니다. 또한, 기본 동작은 미사용 주소 중 첫 번째 주소를 할당 할 수 있도록되어 있습니다.
|
||||
HUB_AO_DetectDormantSessionInterval 이 항목이 0이 아닌 경우, 지정된 초 비활성이었다 VPN 세션을 드 폰 망토 상태 (최대 절전 모드)로 식별합니다. 드 폰 망토 상태의 VPN 세션에 가상 HUB에서 홍수되어야 패킷이 침수 없습니다.
|
||||
HUB_AO_NoPhysicalIPOnPacketLog 이 항목이 0 (사용)의 경우 패킷 로그에 원본 및 대상 VPN 세션의 물리적 연결 원래 VPN 클라이언트의 IP 주소가 기록되지 않도록합니다.
|
||||
HUB_AO_AllowEapMatchUserByCert If you enable (set to 1) this option, the Virtual Hub will attempt to match the EAP Identity not only with usernames, but also with user certificate CNs during the PPP EAP authentication flow.
|
||||
|
||||
|
||||
# Caps 관계
|
||||
|
@ -479,7 +479,6 @@ NATT_MSG ** Connected with NAT traversal - might be unstable **\r\n\r\nThis VPN
|
||||
# Virtual HUB Admin Options
|
||||
HUB_AO_CLICK Select an item to view the description here.
|
||||
HUB_AO_UNKNOWN The description of the item was not found. Refer to the documents, or speculate the meaning and purpose of the item from the name of the item.
|
||||
HUB_AO_allow_hub_admin_change_option This is a special item. If you are enable (set to 1) this option, then not only the VPN Server's global administrator but also the Virtual Hub's administrator will be granted to modify the Virtual Hub Admin Options by himself.
|
||||
HUB_AO_allow_eap_tls_match_user_by_cert If you enable (set to 1) this option, the Virtual Hub will attempt to match the EAP Identity not only with usernames, but also with user certificate CNs during the PPP EAP authentication flow.
|
||||
HUB_AO_deny_hub_admin_change_ext_option If you are enable (set to 1) this option, the Virtual Hub's administrator will be forbidden to modify any values on the Virtual Hub Extended Options, then only the VPN Server's global administrator can modify them.
|
||||
HUB_AO_no_delay_jitter_packet_loss If you set this option to non-zero value, then all parameters of delay, jitter and packet-loss on the access-list entry will be ignored even if these parameters are set when the administrator adds a new access list entry. Therefore, delay, jitter and packet-loss generating function will be virtually disabled. Because of the delay generating function sometimes make a high volume of load on the CPU and RAM, a Virtual Hub which is shared by several users should have this option enabled.
|
||||
@ -582,6 +581,7 @@ HUB_AO_DetectDormantSessionInterval If you set this option to non-zero value, th
|
||||
HUB_AO_NoPhysicalIPOnPacketLog If you set this option to non-zero value, then the physical IP addresses of VPN clients of either the source VPN session or the destination VPN session will not be recorded on the packet log file.
|
||||
HUB_AO_UseHubNameAsDhcpUserClassOption If you set this option to non-zero value, then the Virtual Hub Name will be added to a DHCP request to an external DHCP server as the "User-Class" option. This allows to use separate pools of IP addresses for each Virtual Hub. (For only L2TP/IPsec and OpenVPN sessions.)
|
||||
HUB_AO_UseHubNameAsRadiusNasId If you set this option to non-zero value, then the NAS-Identifier RADIUS attribute will be set to a name of the Virtual Hub. This allows to determine on RADIUS server whether access to the Virtual Hub should be granted or denied.
|
||||
HUB_AO_AllowEapMatchUserByCert If you enable (set to 1) this option, the Virtual Hub will attempt to match the EAP Identity not only with usernames, but also with user certificate CNs during the PPP EAP authentication flow.
|
||||
|
||||
|
||||
# Concerning failed connection dialogs
|
||||
|
@ -465,7 +465,6 @@ NATT_MSG ** Connected with NAT traversal - might be unstable **\r\n\r\nThis V
|
||||
HUB_AO_CLICK Select an item to view the description here.
|
||||
HUB_AO_UNKNOWN The description of the item was not found. Refer to the documents, or speculate the meaning and purpose of the item from the name of the item.
|
||||
HUB_AO_allow_hub_admin_change_option This is a special item. If you are enable (set to 1) this option, then not only the VPN Server's global administrator but also the Virtual Hub's administrator will be granted to modify the Virtual Hub Admin Options by himself.
|
||||
HUB_AO_allow_eap_tls_match_user_by_cert If you enable (set to 1) this option, the Virtual Hub will attempt to match the EAP Identity not only with usernames, but also with user certificate CNs during the PPP EAP authentication flow.
|
||||
HUB_AO_deny_hub_admin_change_ext_option If you are enable (set to 1) this option, the Virtual Hub's administrator will be forbidden to modify any values on the Virtual Hub Extended Options, then only the VPN Server's global administrator can modify them.
|
||||
HUB_AO_no_delay_jitter_packet_loss If you set this option to non-zero value, then all parameters of delay, jitter and packet-loss on the access-list entry will be ignored even if these parameters are set when the administrator adds a new access list entry. Therefore, delay, jitter and packet-loss generating function will be virtually disabled. Because of the delay generating function sometimes make a high volume of load on the CPU and RAM, a Virtual Hub which is shared by several users should have this option enabled.
|
||||
HUB_AO_max_users If you set this option to non-zero value, the maximum number of user objects registered on the Virtual Hub will be limited to this value, then greater number of user objects than this value cannot be added.
|
||||
@ -568,6 +567,7 @@ HUB_AO_DetectDormantSessionInterval If you set this option to non-zero value,
|
||||
HUB_AO_NoPhysicalIPOnPacketLog If you set this option to non-zero value, then the physical IP addresses of VPN clients of either the source VPN session or the destination VPN session will not be recorded on the packet log file.
|
||||
HUB_AO_UseHubNameAsDhcpUserClassOption If you set this option to non-zero value, then the Virtual Hub Name will be added to a DHCP request to an external DHCP server as the "User-Class" option. This allows to use separate pools of IP addresses for each Virtual Hub. (For only L2TP/IPsec and OpenVPN sessions.)
|
||||
HUB_AO_UseHubNameAsRadiusNasId If you set this option to non-zero value, then the NAS-Identifier RADIUS attribute will be set to a name of the Virtual Hub. This allows to determine on RADIUS server whether access to the Virtual Hub should be granted or denied.
|
||||
HUB_AO_AllowEapMatchUserByCert If you enable (set to 1) this option, the Virtual Hub will attempt to match the EAP Identity not only with usernames, but also with user certificate CNs during the PPP EAP authentication flow.
|
||||
|
||||
|
||||
# Concerning failed connection dialogs
|
||||
|
@ -473,7 +473,6 @@ NATT_MSG ** 使用 NAT 穿透 (UDP 打洞) - 它可能是不穩定的 **\r\n\
|
||||
HUB_AO_CLICK 選擇一個項目,查看這裡的描述。
|
||||
HUB_AO_UNKNOWN 該項目的描述沒有被發現。請參閱檔案,或從該專案的名稱推測專案的意思和目的。
|
||||
HUB_AO_allow_hub_admin_change_option 這是一個特殊項目。如果你啟用(設置為1)這個選項,那麼不但 VPN Server 的全球管理員,而且虛擬 HUB 的管理員,都將被他自己准予修改虛擬 HUB 管理選項。
|
||||
HUB_AO_allow_eap_tls_match_user_by_cert If you enable (set to 1) this option, the Virtual Hub will attempt to match the EAP Identity not only with usernames, but also with user certificate CNs during the PPP EAP authentication flow.
|
||||
HUB_AO_deny_hub_admin_change_ext_option 如果你啟用(設置為1)這個選項,虛擬 HUB 的管理員將被禁止修改在虛擬 HUB 擴展選項上的任何值,那麼只有 VPN Server 的全球管理員可以對其進行修改。
|
||||
HUB_AO_no_delay_jitter_packet_loss 如果您將此選項設置為非零值,在訪問列表條目中的延遲、抖動和封包丟失的所有參數將被忽略,即使這些參數是在管理員添加新的訪問列表條目時設置的。因此,延遲、抖動和封包丟失的生成函數實際中將被禁用。由於延遲生成函數有時會讓 CPU 和 RAM 產生高負載量,由多個使用者共用的一個虛擬 HUB 上應該啟用此選項。
|
||||
HUB_AO_max_users 如果您將此選項設置為非零值,在虛擬 HUB 上使用者物件註冊的最大數量將被限制在這個值,那麼使用者物件的數量如果大於這個值則不能被添加。
|
||||
@ -574,6 +573,7 @@ HUB_AO_DetectDormantSessionInterval If you set this option to non-zero value,
|
||||
HUB_AO_NoPhysicalIPOnPacketLog If you set this option to non-zero value, then the physical IP addresses of VPN clients of either the source VPN session or the destination VPN session will not be recorded on the packet log file.
|
||||
HUB_AO_UseHubNameAsDhcpUserClassOption If you set this option to non-zero value, then the Virtual Hub Name will be added to a DHCP request to an external DHCP server as the "User-Class" option. This allows to use separate pools of IP addresses for each Virtual Hub. (For only L2TP/IPsec and OpenVPN sessions.)
|
||||
HUB_AO_UseHubNameAsRadiusNasId If you set this option to non-zero value, then the NAS-Identifier RADIUS attribute will be set to a name of the Virtual Hub. This allows to determine on RADIUS server whether access to the Virtual Hub should be granted or denied.
|
||||
HUB_AO_AllowEapMatchUserByCert If you enable (set to 1) this option, the Virtual Hub will attempt to match the EAP Identity not only with usernames, but also with user certificate CNs during the PPP EAP authentication flow.
|
||||
|
||||
|
||||
#關於失敗連接對話方塊
|
||||
|
Loading…
Reference in New Issue
Block a user