Hello, I've released ocserv 0.11.4. This is a bug fix and feature update release in the 0.11.x branch. * Version 0.11.4 (released 2016-08-05) - ocserv: Corrected the IPv6 address advertisement to client. Instead of using the server's address prefix use the prefix assigned to client. - ocserv: Added per-user-configuration option hostname. - ocserv: Corrected the assignment of the tun device group membership in Linux. - ocserv: Do not hard fail when TUNSETGROUP ioctl fails with EINVAL. This allows ocserv to operate under older kernels. - ocserv: Corrected crash on worker process after client DTLS IP/port change. - ocserv: reworked the MTU discovery. Disable MTU discovery when not requested and set the minimum packet size to 1280 for IPv6 and 800 bytes for IPv4. When the MTU discovery fails to calculate an MTU over the minimum then disable MTU discovery and rely on packet fragmentation. Also set the DPD packet size to equal the current MTU, to allow detecting broken DTLS connections. - ocserv: updated the DTLS negotiation to conform to the latest openconnect protocol draft. This keeps the previous anyconnect DTLS negotiation based on resumption as legacy, but adds a new negotiation based on DTLS with PSK. The current release is available at: ftp://ftp.infradead.org/pub/ocserv/ocserv-0.11.4.tar.xz ftp://ftp.infradead.org/pub/ocserv/ocserv-0.11.4.tar.xz.sig The VPN server's web-site is at: http://www.infradead.org/ocserv regards, Nikos
