ocserv 0.11.7

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Sun Feb 12 01:24:00 PST 2017

  I've released ocserv 0.11.7. This is a bug fix release in the 0.11.x

* Version 0.11.7 (released 2017-02-12)
- Fixed compilation issue related to autogen file re-use
- Send the "vpn-profile-manifest" fields after successful authentication.
  This enables openconnect to retrieve the XML configuration.
- Enhanced the cert-user-oid config option to read the SAN(rfc822name) value.
  In that case, the username will be read from the subject alternative
  name of the certificate rather than the DN. Based on patch by Johannes Sjøkvist.
- Do not log the real internal session ID as part of occtl or radius, 
  but instead log a masked value. That ensures that access to log files or
  radius is not sufficient to access an existing session.
- radius: Handle the special Framed-IP-Address values and They are currently handled as if the Framed-IP-Address
  field was not present; in both cases the server assigns the address.
- radius: on wrong password, forward any message received by radius server
  to the client as prompt. That utilizes the Reply-Message field as sent
  by the server.
- ocserv-fw: Fixed chain creation when only restrict-user-to-routes is set,
  and end all traffic to the device-specific forwarding chain. Patch by
  John Thiltges.

The current release is available at:

The VPN server's web-site is at:


More information about the openconnect-devel mailing list