ocserv 0.11.8
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Tue May 2 17:54:50 PDT 2017
Hello,
I've released ocserv 0.11.8. This is a bug fix release in the 0.11.x
branch.
- Corrected MTU adjustment due to MSS. Previously the MSS value was
converted to a
lower than the actual MTU resulting to worse (lower) MTU estimates.
Furthermore, in Linux systems switch to the more accurate TCP_INFO
socket option to
obtain MTU information.
- Disable DTLS-PSK when operating under a unix socket. When no TLS
session is available
it is not possible to derive PSK keys.
- Fixed several issues in KKDCP protocol support; i.e., allow larger messages
than 16kb and address issue with communication with main.
- Added support for haproxy's protocol v1 format. That allows to utilize
ocserv, even with servers supporting the old protocol.
- Report additional statistics to syslog and occtl, such as
authentication failures,
total sessions handled, total amount of data transferred, average session and
authentication time.
- Fix crash in main on sending reply message to worker for a banned IP.
- Increased the default max-ban-score to 8 wrong password attempts, and
increased the default IP ban time to 20 minutes.
- occtl: added support for displaying user country in 'show user' output.
Requires occtl to be compiled with libgeoip support.
The current release is available at:
ftp://ftp.infradead.org/pub/ocserv/ocserv-0.11.8.tar.xz
ftp://ftp.infradead.org/pub/ocserv/ocserv-0.11.8.tar.xz.sig
The VPN server's web-site is at:
http://www.infradead.org/ocserv
regards,
Nikos
More information about the openconnect-devel
mailing list