Trying to use select-group and cert auth only in 0.8, the AnyConnect iOS
client never seems to prompt with the group select form. Any idea?

The client cert looks like:

    Subject: C=US, ST=California, L=San Francisco, O=WWW, OU=g1, OU=g2, OU=g3, CN=u1/emailAddress=test at test.com

conf:

    cert-user-oid = 2.5.4.3
    cert-group-oid = 2.5.4.11

Thanks for the great release!

On Sat, May 24, 2014 at 8:47 PM, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:

> Hello,
> I've just made available the first pre-release of ocserv 0.8.0 (pre0).
> ocserv is a VPN server that implements the AnyConnect SSL VPN protocol
> and targets small embedded Linux devices. This version has the
> authentication process re-written to completely isolate authentication
> from the main and worker processes, and adds several new features,
> including support for group selection.
>
> The version is bumped to 0.8.0 to indicate that the server is getting
> close feature-wise to what was originally planned.
>
> * Version 0.8.0 (pre-release 2014-05-24)
>
> - By default unix sockets are being used for the communication with
>   occtl, instead of D-BUS. That allows for occtl to connect to any
>   of the running servers in the system, by specifying '-s' and the
>   server's occtl socket file.
> - Ocserv was modified to utilize talloc, the samba allocation
>   library which can prevent memory leaks on the main server. As
>   this is not a memory intensive server the overhead should not be
>   significant.
> - Ocserv was refactored and user authentication was moved to the
>   security module. That ensures that there can be no critical memory
>   leaks to the worker process.
> - Added the default-user-config and default-group-config configuration
>   options. These allow setting a configuration file that will be loaded
>   if a user-specific or group-specific configuration file isn't found.
> - Added the predictable-ips configuration option. That option allows
>   disabling the default "stable" IP assignment, and using completely
>   random assignment.
> - The 'select-group' and 'auto-select-group' configuration directives
>   were added; select-group accepts groups that a connecting client will
>   be prompted to select from. Additionally a client with a certificate
>   that contains multiple groups will also be prompted to select one.
> - The 'route' configuration directive accepts the keyword 'default',
>   and will return a default route irrespective of any other route
>   directives. That allows overriding existing routes with a default
>   route for specific users and groups.
> - The cookies are only limited to the specific IP they were granted to.
> - Added the proxy-url configuration option to allow sending a proxy URL.
> - License was upgraded to GPLv3.
>
>
> The current release is available at:
> ftp://ftp.infradead.org/pub/ocserv/ocserv-0.8.0pre0.tar.xz
> ftp://ftp.infradead.org/pub/ocserv/ocserv-0.8.0pre0.tar.xz.sig
>
> The VPN server's web-site is at:
> http://www.infradead.org/ocserv
>
> regards,
> Nikos
>
> _______________________________________________
> openconnect-devel mailing list
> openconnect-devel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/openconnect-devel