ocserv 0.3.0
Nikos Mavrogiannopoulos
nmav at gnutls.org
Fri Jan 24 12:31:28 EST 2014
Hello,
I've just released ocserv 0.3.0. ocserv is a VPN server that implements
the AnyConnect SSL VPN protocol and targets small embedded Linux
devices.
This release has quite some changes including better support for cisco
clients, support for systemd socket activatable service, and the
addition of occtl, a tool to query information and control the server.
For that tool to be available D-BUS is required.
* Version 0.3.0 (released 2014-01-24)
- Added occtl a control tool for ocserv, that can be used to query
the server about the connected users, and perform certain actions
such as reload the server's configuration, stop the server or
disconnect a user.
- Added support for systemd socket-activatable service.
- Added priorities on the OpenConnect DTLS ciphersuites to ensure the
server has a say on the selected one (and prevent clients from
negotiating 3DES when AES is supported by both).
- Better display of IP addresses in log messages.
- Added the use-dbus configuration option. It can be used to disable
the D-BUS service (and thus the usage of the occtl utility).
- Added (optional) dependency on protocolbuffer-c, allowing a simpler
handling and easier extension of the internal IPC protocol.
- Added configuration option cisco-client-compat which if enabled
it allows a client to authenticate by sending its credentials in
different TLS sessions. A cookie is used to associate the sessions.
- Updated seccomp rules to allow the system calls used by the
worker process.
- Allow TLS rehandshakes on the TCP channel.
The current release is available at:
ftp://ftp.infradead.org/pub/ocserv/ocserv-0.3.0.tar.xz
ftp://ftp.infradead.org/pub/ocserv/ocserv-0.3.0.tar.xz.sig
The VPN server's web-site is at:
http://www.infradead.org/ocserv
regards,
Nikos
More information about the openconnect-devel
mailing list