ocserv 0.8.0pre0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,
 I've just made available the first pre-release of ocserv 0.8.0 (pre0).
ocserv is a VPN server that implements the AnyConnect SSL VPN protocol
and targets small embedded Linux devices. This version has the
authentication process re-written to completely isolate authentication
from the main and worker processes, and adds several new features,
including support for group selection.

The version is bumped to 0.8.0 to indicate that the server is getting
close feature-wise to the originally planned.

* Version 0.8.0 (pre-release 2014-05-24)

- By default unix sockets are being used for the communication with
  occtl, instead of D-BUS. That allows for occtl to connect to any
  of the running servers in the system, by specifying '-s' and the
  server's occtl socket file.
- Ocserv was modified to utilize talloc, the samba allocation
  library which can prevent memory leaks on the main server. As
  this is not a memory intensive server the overhead should not be
  significant.
- Ocserv was refactored and user authentication was moved to the
  security module. That ensures that there can be no critical memory
  leaks to the worker process.
- Added the default-user-config and default-group-config configuration
  options. These allow setting a configuration file that will be loaded
  if a user-specific or group-specific configuration file isn't found.
- Added the predictable-ips configuration option. That option allows
  to disable the default "stable" IP assignment, and use completely
  random assignment.
- The 'select-group' and 'auto-select-group' configuration directives
  were added; select-group accepts groups that a connecting client will
  be prompted to select from. Additionally a client with a certificate
  that contains multiple groups will also be prompted to select one.
- The 'route' configuration directive accepts the keyword 'default',
  and will return a default route irrespective of any other route
  directives. That allows overriding existing routes with a default
  route for specific users and groups.
- The cookies are only limited to the specific IP they were granted to.
- Added the proxy-url configuration option to allow sending a proxy URL.
- License was upgraded to GPLv3.


The current release is available at:
ftp://ftp.infradead.org/pub/ocserv/ocserv-0.8.0pre0.tar.xz
ftp://ftp.infradead.org/pub/ocserv/ocserv-0.8.0pre0.tar.xz.sig

The VPN server's web-site is at:
http://www.infradead.org/ocserv

regards,
Nikos
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux