ocserv-0.11.4
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Fri Aug 5 00:51:55 PDT 2016
Hello,
I've released ocserv 0.11.4. This is a bug fix and feature
update release in the 0.11.x branch.
* Version 0.11.4 (released 2016-08-05)
- ocserv: Corrected the IPv6 address advertisement to client. Instead of
using the server's address prefix use the prefix assigned to client.
- ocserv: Added per-user-configuration option hostname.
- ocserv: Corrected the assignment of the tun device group membership in
Linux.
- ocserv: Do not hard fail when TUNSETGROUP ioctl fails with EINVAL. This
allows ocserv to operate under older kernels.
- ocserv: Corrected crash on worker process after client DTLS IP/port change.
- ocserv: reworked the MTU discovery. Disable MTU discovery when not requested
and set the minimum packet size to 1280 for IPv6 and 800 bytes for IPv4. When
the MTU discovery fails to calculate an MTU over the minimum then disable MTU
discovery and rely on packet fragmentation. Also set the DPD packet size to
equal the current MTU, to allow detecting broken DTLS connections.
- ocserv: updated the DTLS negotiation to conform to the latest openconnect
protocol draft. This keeps the previous anyconnect DTLS negotiation based on
resumption as legacy, but adds a new negotiation based on DTLS with PSK.
The current release is available at:
ftp://ftp.infradead.org/pub/ocserv/ocserv-0.11.4.tar.xz
ftp://ftp.infradead.org/pub/ocserv/ocserv-0.11.4.tar.xz.sig
The VPN server's web-site is at:
http://www.infradead.org/ocserv
regards,
Nikos
More information about the openconnect-devel
mailing list