ocserv: updated to 0.10.2

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

net/ocserv/files/ocserv.conf.template

@@ -35,7 +35,7 @@ max-clients = |MAX_CLIENTS|
 
 # Limit the number of client connections to one every X milliseconds 
 # (X is the provided value). Set to zero for no limit.
-#rate-limit-ms = 100
+rate-limit-ms = 100
 
 # Limit the number of identical clients (i.e., users connecting 
 # multiple times). Unset or set to zero for unlimited.
@@ -142,6 +142,27 @@ auth-timeout = 40
 # a failed authentication attempt.
 min-reauth-time = 360
 
+# Banning clients in ocserv works with a point system. IP addresses
+# that get a score over that configured number are banned for
+# min-reauth-time seconds. By default a wrong password attempt is 10 points,
+# a KKDCP POST is 1 point, and a connection is 1 point. Note that
+# due to difference processes being involved the count of points
+# will not be real-time precise.
+#
+# Score banning cannot be reliably used when receiving proxied connections
+# locally from an HTTP server (i.e., when listen-clear-file is used).
+#
+# Set to zero to disable.
+max-ban-score = 50
+
+# The time (in seconds) that all score kept for a client is reset.
+ban-reset-time = 300
+
+# In case you'd like to change the default points.
+#ban-points-wrong-password = 10
+#ban-points-connection = 1
+#ban-points-kkdcp = 1
+
 # Cookie timeout (in seconds)
 # which he can reconnect. That cookie will be invalided if not
 # used within this timeout value. On a user disconnection, that

net/ocserv/files/ocserv.init

@@ -34,7 +34,7 @@ setup_config() {
 	ipv6_addr=`echo $ip6addr|cut -d '/' -f 1`
 	ipv6_prefix=`echo $ip6addr|cut -d '/' -f 2`
 
-	test $auth = "plain" && authsuffix="\[/var/etc/ocpasswd\]"
+	test $auth = "plain" && authsuffix="\[passwd=/var/etc/ocpasswd\]"
 
 	dyndns="false"
 	hostname=`uci show ddns|grep domain|head -1|cut -d '=' -f 2 2>/dev/null`