ocserv 0.8.0pre0
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sat May 24 05:47:43 PDT 2014
Hello,
I've just made available the first pre-release of ocserv 0.8.0 (pre0).
ocserv is a VPN server that implements the AnyConnect SSL VPN protocol
and targets small embedded Linux devices. This version has the
authentication process re-written to completely isolate authentication
from the main and worker processes, and adds several new features,
including support for group selection.
The version is bumped to 0.8.0 to indicate that the server is getting
close feature-wise to what was originally planned.
* Version 0.8.0 (pre-release 2014-05-24)
- By default unix sockets are being used for the communication with
occtl, instead of D-BUS. That allows for occtl to connect to any
of the running servers in the system, by specifying '-s' and the
server's occtl socket file.
- Ocserv was modified to utilize talloc, the samba allocation
library which can prevent memory leaks on the main server. As
this is not a memory intensive server the overhead should not be
significant.
- Ocserv was refactored and user authentication was moved to the
security module. That ensures that there can be no critical memory
leaks to the worker process.
- Added the default-user-config and default-group-config configuration
options. These allow setting a configuration file that will be loaded
if a user-specific or group-specific configuration file isn't found.
- Added the predictable-ips configuration option. That option allows
disabling the default "stable" IP assignment and using completely
random assignment.
- The 'select-group' and 'auto-select-group' configuration directives
were added; select-group accepts groups that a connecting client will
be prompted to select from. Additionally a client with a certificate
that contains multiple groups will also be prompted to select one.
- The 'route' configuration directive accepts the keyword 'default',
and will return a default route irrespective of any other route
directives. That allows overriding existing routes with a default
route for specific users and groups.
- The cookies are only limited to the specific IP they were granted to.
- Added the proxy-url configuration option to allow sending a proxy URL.
- License was upgraded to GPLv3.
The current release is available at:
ftp://ftp.infradead.org/pub/ocserv/ocserv-0.8.0pre0.tar.xz
ftp://ftp.infradead.org/pub/ocserv/ocserv-0.8.0pre0.tar.xz.sig
The VPN server's web-site is at:
http://www.infradead.org/ocserv
regards,
Nikos