server-sample.toml

#示例配置信息

#其他配置文件,可以使用绝对路径
#或者相对于 anylink 二进制文件的路径

#数据文件
db_type = "sqlite3"
db_source = "./conf/anylink.db"
#证书文件 使用跟nginx一样的证书即可
cert_file = "./conf/vpn_cert.pem"
cert_key = "./conf/vpn_cert.key"
files_path = "./conf/files"
profile = "./conf/profile.xml"
#profile name(用于区分不同服务端的配置)
#客户端存放位置
#Windows 10
#%ProgramData%Cisco\Cisco AnyConnect Secure Mobility Client\Profile
#Mac Os X
#/opt/cisco/anyconnect/profile
#Linux
#/opt/cisco/anyconnect/profile
profile_name = "anylink"
#日志目录,默认为空写入标准输出
#log_path = "./log"
log_path = ""
log_level = "debug"
pprof = true

#系统名称
issuer = "XX公司VPN"
#后台管理用户
admin_user = "admin"
#pass 123456
admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke"
# 留空表示不开启 otp, 开启otp后密码为  pass + 6位otp
# 生成 ./anylink tool -o
admin_otp = ""
jwt_secret = "abcdef.0123456789.abcdef"


#TCP服务监听地址(任意端口)
server_addr = ":443"
#开启 DTLS
server_dtls = false
#UDP监听地址(任意端口)
server_dtls_addr = ":443"
#后台服务监听地址
admin_addr = ":8800"
#开启tcp proxy protocol协议
proxy_protocol = false

#虚拟网络类型[tun macvtap tap]
link_mode = "tun"

#客户端分配的ip地址池
#docker环境一般默认 eth0，其他情况根据实际网卡信息填写
ipv4_master = "eth0"
ipv4_cidr = "192.168.90.0/24"
ipv4_gateway = "192.168.90.1"
ipv4_start = "192.168.90.100"
ipv4_end = "192.168.90.200"

#最大客户端数量
max_client = 200
#单个用户同时在线数量
max_user_client = 3
#IP租期(秒)
ip_lease = 86400

#默认选择的组
default_group = "one"

#客户端失效检测时间(秒) dpd > keepalive
cstp_keepalive = 3
cstp_dpd = 20
mobile_keepalive = 4
mobile_dpd = 60

# 根据实际情况修改
#cstp_keepalive = 20
#cstp_dpd = 30
#mobile_keepalive = 40
#mobile_dpd = 60

#设置最大传输单元
mtu = 1460

# 客户端dns的默认搜索域
default_domain = "example.com"
#default_domain = "example.com abc.example.com"

#空闲链接超时时间(秒)-超时后断开链接，0关闭此功能
idle_timeout = 0
#session过期时间，用于断线重连，0永不过期
session_timeout = 3600
#auth_timeout = 0
audit_interval = 600

show_sql = false

#是否自动添加nat
iptables_nat = true

#启用压缩
compression = false
#低于及等于多少字节不压缩
no_compress_limit = 256

#客户端显示详细错误信息(线上环境慎开启)
display_error = false

#排除出口ip路由(出口ip不加密传输)
exclude_export_ip = true