ocserv 0.10.0
Nikos Mavrogiannopoulos
nmav at gnutls.org
Tue Mar 10 10:29:07 PDT 2015
Hello,
I've just released ocserv 0.10.0. This release integrates
support for the Kerberos protocol using GSSAPI, and adds support for
MS-KKDCP to act as a proxy to KDC. Moreover this version separates
accounting from authentication and allows for alternative
authentication methods (e.g. PAM as main and GSSAPI as alternative).
ocserv is a VPN server that implements the AnyConnect SSL VPN protocol
and targets small embedded Linux devices. For the Kerberos/GSSAPI
additions the openconnect client (currently in git) is required.
* Version 0.10.0 (released 2015-03-10)
- Added support for gssapi (e.g., Kerberos) authentication
- Added support for alternative authentication methods, via enable-auth.
That allows to set a suffcient for login authentication method that will
be used as alternative to the main authentication.
- Added support for MS-KKDCP. That is, the server can be used as an HTTP
proxy to a KDC.
- Accounting was split from authentication. That way radius accounting can
be used in addition to any authentication method.
- Added a score-based system for banning IP addresses. See
min-reauth-time, max-ban-score and ban-reset-time.
- Better handling of SIGHUP, and documentation of the variables that
are updated.
- Support for 'certificate[optional]' authentication has been removed.
- occtl: Added commands to view banned IP list, as well as a command
to unban selected IPs.
The current release is available at:
ftp://ftp.infradead.org/pub/ocserv/ocserv-0.10.0.tar.xz
ftp://ftp.infradead.org/pub/ocserv/ocserv-0.10.0.tar.xz.sig
The VPN server's web-site is at:
http://www.infradead.org/ocserv
regards,
Nikos
More information about the openconnect-devel
mailing list