Hello, I've released ocserv 0.11.8. This is a bug fix release in the 0.11.x branch. - Corrected MTU adjustment due to MSS. Previously the MSS value was converted to a lower than the actual MTU resulting to worse (lower) MTU estimates. Furthermore, in Linux systems switch to the more accurate TCP_INFO socket option to obtain MTU information. - Disable DTLS-PSK when operating under a unix socket. When no TLS session is available it is not possible to derive PSK keys. - Fixed several issues in KKDCP protocol support; i.e., allow larger messages than 16kb and address issue with communication with main. - Added support for haproxy's protocol v1 format. That allows to utilize ocserv, even with servers supporting the old protocol. - Report additional statistics to syslog and occtl, such as authentication failures, total sessions handled, total amount of data transferred, average session and authentication time. - Fix crash in main on sending reply message to worker for a banned IP. - Increased the default max-ban-score to 8 wrong password attempts, and increased the default IP ban time to 20 minutes. - occtl: added support for displaying user country in 'show user' output. Requires occtl to be compiled with libgeoip support. The current release is available at: ftp://ftp.infradead.org/pub/ocserv/ocserv-0.11.8.tar.xz ftp://ftp.infradead.org/pub/ocserv/ocserv-0.11.8.tar.xz.sig The VPN server's web-site is at: http://www.infradead.org/ocserv regards, Nikos
