Hello, I've just released ocserv 0.10.5. This is a bug fix release which resolves all known issues in the 0.10.x branch. * Version 0.10.5 (released 2015-05-24) - Added tgt-freshness-time option for gssapi/Kerberos authentication option. That allows to specify the maximum number of seconds after which a reauthentication with Kerberos is required to login to VPN. - main/sec-mod: impose long timeouts on reads from sec-mod. That would prevent issues when reading in a blocked in authentication sec-mod. - radius: When using radius accounting with certificate authentication, properly notify of user session termination. - radius: On definitely terminated sessions contact the radius server as soon as possible. For sessions that can still be resumed the radius server is contacted periodically after the cookies expire. - radius: consider Acct-Interim-Interval when seen by the server. That can be overriden using override-interim-updates in radius subconfig. - Added configuration options 'persistent-cookies' and 'session-timeout'. - radius: added support for Route-IPv6-Information, Delegated-IPv6-Prefix, NAS-IPv6-Address, NAS-IP-Address, Session-Timeout. - Corrected desync of main and sec-mod by introducing a synchronous communication socket. Reported by Mani Behrouz. - PAM: forward the actual prompt to worker process, and not only informational messages. The current release is available at: ftp://ftp.infradead.org/pub/ocserv/ocserv-0.10.5.tar.xz ftp://ftp.infradead.org/pub/ocserv/ocserv-0.10.5.tar.xz.sig The VPN server's web-site is at: http://www.infradead.org/ocserv regards, Nikos