Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Fri Aug 5 00:51:55 PDT 2016

  I've released ocserv 0.11.4. This is a bug fix and feature
update release in the 0.11.x branch.

* Version 0.11.4 (released 2016-08-05)
- ocserv: Corrected the IPv6 address advertisement to client. Instead of
  using the server's address prefix use the prefix assigned to client.
- ocserv: Added per-user-configuration option hostname.
- ocserv: Corrected the assignment of the tun device group membership in
- ocserv: Do not hard fail when TUNSETGROUP ioctl fails with EINVAL. This
  allows ocserv to operate under older kernels.
- ocserv: Corrected crash on worker process after client DTLS IP/port change.
- ocserv: reworked the MTU discovery. Disable MTU discovery when not requested
  and set the minimum packet size to 1280 for IPv6 and 800 bytes for IPv4. When
  the MTU discovery fails to calculate an MTU over the minimum then disable MTU
  discovery and rely on packet fragmentation. Also set the DPD packet size to
  equal the current MTU, to allow detecting broken DTLS connections.
- ocserv: updated the DTLS negotiation to conform to the latest openconnect
  protocol draft. This keeps the previous anyconnect DTLS negotiation based on
  resumption as legacy, but adds a new negotiation based on DTLS with PSK.

The current release is available at:

The VPN server's web-site is at:


More information about the openconnect-devel mailing list