Provided by: eurephia_1.0.1-3build1_i386 bug


       eurephia-variables - eurephia configuration variables


       Overview  over  all  eurephia configuration variables.  These variables
       are stored in the database and can be modified by the eurephiadm config


       These variables are related to the password hash configuration.  All of
       them must be set, but they can be changed over time  without  affecting
       the functionality of the already stored passwords.

       These  parameters  are  the  first to be set when eurephia_init is run.
       The minimum and maximum hash rounds are bechmarked for  you  with  this
       tool  to  find  more suitable numbers for the hardware eurephia will be
       running on.

              Sets number of bytes to use for the password hash salt.

              Sets the minimum  number  of  hashing  rounds  to  perform  when
              calculating new password hashes.

              Sets  the  maximum  number  of  hashing  rounds  to perform when
              calculating new password hashes


       eurephia can blacklist user names, certificates and IP addresses  based
       on  number  of  failed  attempts.  The following parameters defines the
       limits  of  how  many  attempts  you  are  willing  to   allow   before
       blacklisting them.

              Defines  the  number  of  attempts  of failed login attempts you
              allow  before   you   will   blacklist   the   OpenVPN   clients
              cerrtificate.   This  number  should  normally  be  higher  than
              allow_username_attempts. Default is 5.

              Defines the number of failed ttempts for  a  user  name  can  be
              tried  before  you  will  blacklist  the  user name from further
              attempts.  Default is 3.

              Defines the number of failed attempts for an IP  address  to  be
              used  before  you  will  blacklist  the  IP address from further
              attempts.  This one should be the least  strictest  limit.   You
              also need to consider if your clients will log in via a proxy or
              NATed network and how many of your clients will do so.   If  you
              experience  many  users  failing  to log on and more of them are
              behind the same proxy or NAT gateway, this may blacklist the  IP
              address  quicker  than  intended.   But  if  among  many failing
              attempts a valid authentication happens,  the  attempts  counter
              will  be  reset  again,  so  this  limit  do  not need to be too
              forgiving.  Default is 10.


       If you are running the OpenVPN server with eurephia on a Linux  server,
       it  is  possible  to  let  eurephia interact with the firewall as well.
       These settings will enable the firewall integration and  tell  eurephia
       how  to interact with the firewall.  These parameters are very iptables
       oriented.  The iptables firewall module must be enabled at compile time
       and be installed to work.

              This  is  the  variable which enables firewall integration. This
              variable must point at the firewall driver, which  is  a  shared
              object file which eurephia will load dynamically.  These drivers
              are prefixed efw and will be found in  the  same  lib  or  lib64
              directory  as  the  eurephia-auth  and  edb-sqlite modules.  The
              variable must contain the full path to the driver module.

              This defines the binary the firewall module will execute to help
              update   the   firewall.    For   iptables   this   defaults  to

              Defines which predefined firewall rule to use when updating  the
              firewall.  The default value is vpn_users.

              This   activates  firewall  based  IP  address  blacklisting  in
              addition to the internal blacklist in eurephia.   This  variable
              defines  which firewall rule to use when wanting to blacklist an
              IP address.

              This  is  an  optional  parameter.    Normally   when   eurephia
              blacklists  an  IP  address  it will default to drop the network
              packets from that client. You can use this variable to  send  it
              to  a  different firewall target.  This is useful if you to, for
              example, log the incident to the system log before dropping  the


       These  settings  are  used  by  the  eurephia  administration  utility,

              This defines how long a eurephia administration utility may have
              an   open  session  before  it  is  considered  inactive.   When
              exceeding  this  limit,  the  administrator  user  will  be  out
              automatically.   The  unit  for  this setting is minutes and the
              default value is 10.

              The eurephiadm utility uses XSLT templates  for  generating  the
              output  to  the screen.  This variable gives you the possibility
              to have your own set  of  templates  in  a  different  directory
              instead  of  using  the  system wide XSLT templates installed by
              default.  This variable is not set by default.


       eurephiadm-config(7), eurephia_init(7),
       Administrators Tutorial and Manual


       Copyright (C) 2008-2010  David Sommerseth <>