OpenConnect v2.26 release

David Woodhouse dwmw2 at
Tue Sep 21 19:17:14 EDT 2010

Most important change here is probably that we now implement DTLS
rekeying. With (for example) a session lifetime of 2 days and a DTLS
rekey time of only one day, some users were spending half their time
doing TCP-over-TCP.

Added a --force-dpd option to act as NAT keepalive when the server
doesn't request DPD.

Bitch about certificates which are almost out of date.

Work on Android. Probably.

David Woodhouse (16):
      Link to knetworkmanager bug for OpenConnect support
      Update ConnMan references
      Elide webvpn cookie from debugging output.
      Add --force-dpd option
      Clean up option handling to use sane values for long-only options
      Implement DTLS and CSTP rekeying.
      Close existing connection and discard compressed packet in cstp_reconnect()
      Check certificate expiry and complain
      Use SSLv3 not TLSv1
      Fix host selection in NM auth-dialog
      Update --script-tun description, remove non-existent --tun-fd from manpage.
      Update changelog
      Android has /dev/tun, not /dev/net/tun
      Don't crash on relative redirect when original urlpath was NULL
      Update changelog
      Tag version 2.26

Dominic Hargreaves (1):
      Update status of Debian OpenSSL DTLS support

Eric Barkie (1):
      Never use protocol family prefixes with a TUN script.

David Woodhouse                            Open Source Technology Centre
David.Woodhouse at                              Intel Corporation

More information about the openconnect-devel mailing list