ocserv 0.8.0pre0

Steve steve at thupdi.net
Sat May 24 10:39:49 PDT 2014


Trying to use select-group and cert auth only in 0.8; the AnyConnect iOS
client never seems to show the group select form. Any idea?

The client cert is like: Subject: C=US, ST=California, L=San Francisco,
O=WWW, OU=g1, OU=g2, OU=g3, CN=u1/emailAddress=test at test.com

conf:

cert-user-oid = 2.5.4.3
cert-group-oid = 2.5.4.11


Thanks for the great release!

On Sat, May 24, 2014 at 8:47 PM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
> Hello,
>  I've just made available the first pre-release of ocserv 0.8.0 (pre0).
> ocserv is a VPN server that implements the AnyConnect SSL VPN protocol
> and targets small embedded Linux devices. This version has the
> authentication process re-written to completely isolate authentication
> from the main and worker processes, and adds several new features,
> including support for group selection.
>
> The version is bumped to 0.8.0 to indicate that the server is getting
> close feature-wise to what was originally planned.
>
> * Version 0.8.0 (pre-release 2014-05-24)
>
> - By default unix sockets are being used for the communication with
>   occtl, instead of D-BUS. That allows for occtl to connect to any
>   of the running servers in the system, by specifying '-s' and the
>   server's occtl socket file.
> - Ocserv was modified to utilize talloc, the samba allocation
>   library which can prevent memory leaks on the main server. As
>   this is not a memory intensive server the overhead should not be
>   significant.
> - Ocserv was refactored and user authentication was moved to the
>   security module. That ensures that there can be no critical memory
>   leaks to the worker process.
> - Added the default-user-config and default-group-config configuration
>   options. These allow setting a configuration file that will be loaded
>   if a user-specific or group-specific configuration file isn't found.
> - Added the predictable-ips configuration option. That option allows
>   disabling the default "stable" IP assignment and using completely
>   random assignment.
> - The 'select-group' and 'auto-select-group' configuration directives
>   were added; select-group accepts groups that a connecting client will
>   be prompted to select from. Additionally a client with a certificate
>   that contains multiple groups will also be prompted to select one.
> - The 'route' configuration directive accepts the keyword 'default',
>   and will return a default route irrespective of any other route
>   directives. That allows overriding existing routes with a default
>   route for specific users and groups.
> - The cookies are only limited to the specific IP they were granted to.
> - Added the proxy-url configuration option to allow sending a proxy URL.
> - License was upgraded to GPLv3.
>
>
> The current release is available at:
> ftp://ftp.infradead.org/pub/ocserv/ocserv-0.8.0pre0.tar.xz
> ftp://ftp.infradead.org/pub/ocserv/ocserv-0.8.0pre0.tar.xz.sig
>
> The VPN server's web-site is at:
> http://www.infradead.org/ocserv
>
> regards,
> Nikos

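Added example, not part of the original thread and not ocserv code: a small diagnostic that reads an OpenSSL-style subject line and lists the values selected by the cert-user-oid and cert-group-oid settings quoted above, so you can confirm the certificate really carries several group values. The function names and the `expect_group_prompt` field are hypothetical; the multi-group rule is taken from the release notes, and escaped commas inside values are not handled.

```python
import re

# Short names printed by `openssl x509 -subject`, mapped to their OIDs.
ATTR_OIDS = {
    "CN": "2.5.4.3", "C": "2.5.4.6", "L": "2.5.4.7", "ST": "2.5.4.8",
    "O": "2.5.4.10", "OU": "2.5.4.11",
    "emailAddress": "1.2.840.113549.1.9.1",
}

# Split on ", " or on "/" when it starts a new "name=" pair (legacy one-line form).
_SEP = re.compile(r",\s*|/(?=[A-Za-z]+=)")


def parse_subject(subject):
    """Return [(oid, value), ...] in the order the attributes appear."""
    pairs = []
    for part in _SEP.split(subject.strip()):
        if not part:
            continue  # leading "/" in the legacy form yields an empty piece
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError("not a name=value pair: %r" % part)
        name = name.strip()
        # Unknown names (or names already given as dotted OIDs) pass through.
        pairs.append((ATTR_OIDS.get(name, name), value.strip()))
    return pairs


def identity_from_subject(subject, user_oid, group_oid):
    """Collect the values that the two configured OIDs select."""
    pairs = parse_subject(subject)
    users = [v for oid, v in pairs if oid == user_oid]
    groups = [v for oid, v in pairs if oid == group_oid]
    return {
        "user": users[0] if users else None,
        "groups": groups,
        # Release notes: a certificate with multiple groups leads to a prompt.
        "expect_group_prompt": len(groups) > 1,
    }


# Subject and OIDs copied from the message above (address kept as archived).
SUBJECT = ("C=US, ST=California, L=San Francisco, O=WWW, OU=g1, OU=g2, "
           "OU=g3, CN=u1/emailAddress=test at test.com")

if __name__ == "__main__":
    print(identity_from_subject(SUBJECT, "2.5.4.3", "2.5.4.11"))
```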