ocserv 0.10.10
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sat Nov 28 11:29:46 PST 2015
Hello,
I've just released ocserv 0.10.10. This is a minor feature
enhancement release in the 0.10.x branch.
* Version 0.10.10 (released 2015-11-28)
- Increase the number of log messages logged in the default level. That
is added messages that could be of use to administrators.
- Introduced ipv6-subnet-prefix config option. That option allows to
specify the IPv6 subnet prefix to be given to client. That is, allow
providing the clients networks larger than /128. The default setting
is 128 to keep backwards compatibility.
- Introduced the expose-iroutes config option. That option allows the
server to advertise routes offered by some clients to all of them.
This requires the config-per-user option.
- When a client has assigned iroutes which cannot be applied, he will
be denied access.
- Added restrict-user-to-routes configuration option which will execute
ocserv-fw script on user connection. The script will set firewall
rules which deny the user access to any other networks than the
routes set for the user. This is added as a tech preview; details of
this option may change on later releases.
- When banning IPv6 addresses treat a /64 network as a single address.
- Fixed conflict with isolate-workers and user-profile.
- occtl: Allow disabling the pager functionality on compile time using
--with-pager="".
The current release is available at:
ftp://ftp.infradead.org/pub/ocserv/ocserv-0.10.10.tar.xz
ftp://ftp.infradead.org/pub/ocserv/ocserv-0.10.10.tar.xz.sig
The VPN server's web-site is at:
http://www.infradead.org/ocserv
regards,
Nikos
More information about the openconnect-devel
mailing list