ocserv 0.11.8

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Tue May 2 17:54:50 PDT 2017

  I've released ocserv 0.11.8. This is a bug fix release in the 0.11.x

- Corrected MTU adjustment due to MSS. Previously the MSS value was
  converted to a lower than the actual MTU, resulting in worse (lower)
  MTU estimates. Furthermore, on Linux systems switch to the more
  accurate TCP_INFO socket option to obtain MTU information.
- Disable DTLS-PSK when operating under a unix socket. When no TLS
  session is available it is not possible to derive PSK keys.
- Fixed several issues in KKDCP protocol support; i.e., allow larger messages
  than 16kb and address issue with communication with main.
- Added support for haproxy's protocol v1 format. That allows ocserv to
  be used even with servers supporting the old protocol.
- Report additional statistics to syslog and occtl, such as
  authentication failures, total sessions handled, total amount of data
  transferred, average session and authentication time.
- Fix crash in main on sending reply message to worker for a banned IP.
- Increased the default max-ban-score to 8 wrong password attempts, and
  increased the default IP ban time to 20 minutes.
- occtl: added support for displaying user country in 'show user' output.
  Requires occtl to be compiled with libgeoip support.

The current release is available at:

The VPN server's web-site is at:

