ocserv 0.3.0

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Jan 24 12:31:28 EST 2014


Hello,
 I've just released ocserv 0.3.0. ocserv is a VPN server that implements
the AnyConnect SSL VPN protocol and targets small embedded Linux
devices.

This release has quite some changes including better support for cisco
clients, support for systemd socket activatable service, and the
addition of occtl, a tool to query information and control the server.
For that tool to be available D-BUS is required.


* Version 0.3.0 (released 2014-01-24)

- Added occtl a control tool for ocserv, that can be used to query
  the server about the connected users, and perform certain actions
  such as reload the server's configuration, stop the server or
  disconnect a user.
- Added support for systemd socket-activatable service.
- Added priorities on the OpenConnect DTLS ciphersuites to ensure the
  server has a say on the selected one (and prevent clients from
  negotiating 3DES when AES is supported by both).
- Better display of IP addresses in log messages.
- Added the use-dbus configuration option. It can be used to disable
  the D-BUS service (and thus the usage of the occtl utility).
- Added (optional) dependency on protocolbuffer-c, allowing a simpler
  handling and easier extension of the internal IPC protocol.
- Added configuration option cisco-client-compat which if enabled
  it allows a client to authenticate by sending its credentials in
  different TLS sessions. A cookie is used to associate the sessions.
- Updated seccomp rules to allow the system calls used by the
  worker process.
- Allow TLS rehandshakes on the TCP channel.


The current release is available at:
ftp://ftp.infradead.org/pub/ocserv/ocserv-0.3.0.tar.xz
ftp://ftp.infradead.org/pub/ocserv/ocserv-0.3.0.tar.xz.sig

The VPN server's web-site is at:
http://www.infradead.org/ocserv

regards,
Nikos



More information about the openconnect-devel mailing list