need some help

Quan Zhou qzhou at live.de
Mon Mar 23 01:50:11 PDT 2015 

Yes  you can change password for users with ocpasswd, proof:

qzhou at myserver:~$ sudo ocpasswd test
Enter password: 123
Re-enter password: 123
qzhou at myserver:~$ sudo cat /etc/ocserv/ocpasswd
test:*:$5$dxY5ynmGtDsvRQ6U$uQJZsM.2HQKfIr01/6X4dLVQgWLAcxCUrd2vHadudp5
qzhou at myserver:~$ sudo ocpasswd test
Enter password: 456
Re-enter password: 456
qzhou at myserver:~$ sudo cat /etc/ocserv/ocpasswd
test:*:$5$09af.jFO48aALBHJ$fBT4D9w7WEXsT7ahJjb.gbbKvabklzn.E0RVCHs2Yg0

And yes, you can use multiple X-CSTP-Split-Exclude, I do this all the time.

Regards,

Quan Zhou

+------------------------+
|pub [expires 2015-09-05]|
|44D2 0307 1643 E80F 2E31|
|F081 FAFA 6643 7F9F D46F|
+------------------------+
|qzhou at live.de           |
|https://keybase.io/qzhou|
+------------------------+

> On Mar 23, 2015, at 4:41 PM, Janner Chang <jannerchang at me.com> wrote:
> 
> OK,I want to know if ocpasswd change the origin user’s password,and how to  add multi address for custom-header = "X-CSTP-Split-Exclude: 166.111.0.0/255.255.0.0” just like:
> 
> custom-header = "X-CSTP-Split-Exclude: 166.111.0.0/255.255.0.0”
> custom-header = "X-CSTP-Split-Exclude: 166.112.0.0/255.255.0.0”
> 
> like this?
> 
> thx
> 
> 
> 
>> 在 2015年3月23日,16:30,Quan Zhou <qzhou at live.de> 写道:
>> 
>> Somehow I can, but what kind of message do you need for them? “Nihau! ocpasswd! Nihau! X-CSTP-Split-Exclude"
>> 
>> In case you might be referring to purpose of them:
>> 
>> ——— ocpasswd ———
>> [qzhou$hobbiton:~] ocpasswd --help
>> ocpasswd - OpenConnect server password utility
>> Usage:  ocpasswd [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [username]
>> 
>>  -c, --passwd=file          Password file
>>  -g, --groupname=str        User's group name
>>  -d, --delete               Delete user
>>  -l, --lock                 Lock user
>>  -u, --unlock               Unlock user
>>  -v, --version[=arg]        output version information and exit
>>  -h, --help                 display extended usage information and exit
>>  -!, --more-help            extended usage information passed thru pager
>> 
>> Options are specified by doubled hyphens and their name or by a single
>> hyphen and the flag character.
>> Operands and options may be intermixed.  They will be reordered.
>> 
>> This program is openconnect password (ocpasswd) utility.  It allows the
>> generation and handling of a 'plain' password file used by ocserv.
>> 
>> Please send bug reports to:  <openconnect-devel at lists.infradead.org>
>> 
>> —— end of ocpasswd ——
>> 
>> As for X-Split*, it is a feature called split tunnel, a custom tunnel helps anyconnect client to set up route properly.
>> In your case, X-CSTP-Split-Exclude tells anyconnect to avoid tunneling specific IPs. Wrap it up as a example:
>> ```
>> custom-header = "X-CSTP-Split-Exclude: 166.111.0.0/255.255.0.0”
>> ‘’’
>> this will tell client to directly access all addresses within subnet 166.111.0.0/16.
>> 
>> Hope it was helpful.
>> 
>> Regards,
>> 
>> Quan Zhou
>> 
>> +------------------------+
>> |pub [expires 2015-09-05]|
>> |44D2 0307 1643 E80F 2E31|
>> |F081 FAFA 6643 7F9F D46F|
>> +------------------------+
>> |qzhou at live.de           |
>> |https://keybase.io/qzhou|
>> +------------------------+
>> 
>>> On Mar 23, 2015, at 4:11 PM, Janner Chang <jannerchang at me.com> wrote:
>>> 
>>> Hi,
>>> 
>>> Can you speak Chinese? I can’t find any message for ocpasswd and custom-header = `X-CSTP-Split-Exclude’
>>> 
>>> Regards.
>>> 
>>> JannerChang
>>> 
>>>> 在 2015年3月23日,16:06,Quan Zhou <qzhou at live.de> 写道:
>>>> 
>>>> Hi,
>>>> 
>>>> This is a message for ocpasswd and custom-header = `X-CSTP-Split-Exclude’
>>>> 
>>>> Hope you enjoyed it.
>>>> 
>>>> Regards,
>>>> 
>>>> Quan Zhou
>>>> 
>>>> +------------------------+
>>>> |pub [expires 2015-09-05]|
>>>> |44D2 0307 1643 E80F 2E31|
>>>> |F081 FAFA 6643 7F9F D46F|
>>>> +------------------------+
>>>> |qzhou at live.de           |
>>>> |https://keybase.io/qzhou|
>>>> +------------------------+
>>>> 
>>>>> On Mar 23, 2015, at 3:51 PM, Janner Chang <jannerchang at me.com> wrote:
>>>>> 
>>>>> Hi:
>>>>> I need some messsage for ocpasswd and custom-header = “X-CSTP-Split-Exclude
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> openconnect-devel mailing list
>>>>> openconnect-devel at lists.infradead.org
>>>>> http://lists.infradead.org/mailman/listinfo/openconnect-devel
>>>> 
>>> 
>> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150323/5a5f8b8b/attachment.sig>

More information about the openconnect-devel mailing list