Accepting request 340259 from home:MargueriteSu:branches:network:vpn
OBS-URL: https://build.opensuse.org/request/show/340259 OBS-URL: https://build.opensuse.org/package/show/network:vpn/ocserv?expand=0&rev=3
This commit is contained in:
Marguerite Su
Git OBS Bridge
parent
8a5c4768e9
commit
376aa70200
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:62a2b087f21b257a1ea433c12f6937d2a2f5ef30eedbe4739b0407405de474b8
|
||||
size 705828
|
||||
3
ocserv-0.10.9.tar.xz
Normal file
3
ocserv-0.10.9.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:96d0ea22e811a70e46561ffe29c4e6b1cc014ee24d353c0367ca72edcedf533c
|
||||
size 718004
|
||||
@ -1,3 +1,59 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 21 11:34:00 UTC 2015 - i@marguerite.su
|
||||
|
||||
- update version 0.10.9
|
||||
* When compiled with GnuTLS 3.4 automatically sort the certificate
|
||||
list to be imported
|
||||
* Reload the CRL during periodic maintaince if its modification
|
||||
time changes
|
||||
* Address issue with duplicate check failing on IPv6 addresses
|
||||
* Added the ability to specify a UsersFile in plain auth for using
|
||||
an OTP
|
||||
This allows to use an OTP 2nd factor authentication without having
|
||||
to rely on PAM. This change, also enables the usage of an empty
|
||||
password field in the password file if an OTP file is present
|
||||
* Allow loading DER-encoded CRLs
|
||||
* Re-added the PAM accounting method. That accounting method can
|
||||
be combined with any authentication method, and can be used to
|
||||
check for a valid system account
|
||||
- changes in 0.10.8
|
||||
* Pass the proxy protocol information at earlier stage to main
|
||||
process, to allow the correct information to be passed at the
|
||||
connect script and occtl
|
||||
* Added the IP_REAL_LOCAL environment variable to scripts. This
|
||||
passes the local IP the client connected to
|
||||
* The PAM accounting method was dropped as there was no practical
|
||||
usage of it, the way it was implemented
|
||||
* When assigning IPv6 addresses use the whole available netmask
|
||||
* occtl: Print the local IP the client connected to, with the
|
||||
client information
|
||||
* occtl: Print the configured for the client split-dns domains
|
||||
- changes in 0.10.7
|
||||
* Added a fuzzying factor to CPU intensive, or radius communication
|
||||
tasks when initiated by worker process. That avoids a very
|
||||
high load periodically, e.g., when multiple clients connect
|
||||
at the same time
|
||||
* Added support for haproxy's protocol v2 format. That allows
|
||||
to report the correct client IP even on proxied sessions.
|
||||
It introduces the configuration option listen-proxy-proto
|
||||
* occtl: added -n/--no-pager option. That allows to disable
|
||||
pager explicitly
|
||||
* occtl: fixed several cases of invalid JSON output
|
||||
- changes in 0.10.6
|
||||
* Transmit packets to the last incoming source, allowing faster
|
||||
switch of the communication channel
|
||||
* The worker processes will utilize the UDP socket address
|
||||
(if any), when reporting peer's address if the listen-clear-file
|
||||
option is set
|
||||
* Lifted the limit on the number of configuration options. That
|
||||
allows to add an "unlimited" number of 'route' options
|
||||
* Support encrypted key files. That adds the key-pin and srk-pin
|
||||
configuration options
|
||||
* The dbus communication option has been dropped
|
||||
* Radius: depend on radcli radius library
|
||||
* occtl: added -j/--json option. That allows to output in a
|
||||
JSON format
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 8 13:51:18 UTC 2015 - i@marguerite.su
|
||||
|
||||
|
||||
@ -1,17 +1,17 @@
|
||||
Index: ocserv-0.10.5/doc/sample.config
|
||||
Index: ocserv-0.10.9/doc/sample.config
|
||||
===================================================================
|
||||
--- ocserv-0.10.5.orig/doc/sample.config
|
||||
+++ ocserv-0.10.5/doc/sample.config
|
||||
@@ -36,7 +36,7 @@
|
||||
|
||||
--- ocserv-0.10.9.orig/doc/sample.config
|
||||
+++ ocserv-0.10.9/doc/sample.config
|
||||
@@ -39,7 +39,7 @@
|
||||
#auth = "pam"
|
||||
#auth = "pam[gid-min=1000]"
|
||||
#auth = "plain[passwd=./sample.passwd,otp=./sample.otp]"
|
||||
-auth = "plain[passwd=./sample.passwd]"
|
||||
+auth = "plain[passwd=/etc/ocserv/ocpasswd]"
|
||||
#auth = "certificate"
|
||||
#auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]"
|
||||
|
||||
@@ -68,8 +68,8 @@ auth = "plain[passwd=./sample.passwd]"
|
||||
@@ -72,8 +72,8 @@ auth = "plain[passwd=./sample.passwd]"
|
||||
#listen-host-is-dyndns = true
|
||||
|
||||
# TCP and UDP port number
|
||||
@ -22,25 +22,7 @@ Index: ocserv-0.10.5/doc/sample.config
|
||||
|
||||
# Accept connections using a socket file. It accepts HTTP
|
||||
# connections (i.e., without SSL/TLS unlike its TCP counterpart),
|
||||
@@ -102,7 +102,7 @@ socket-file = /var/run/ocserv-socket
|
||||
# system calls allowed to a worker process, in order to reduce damage from a
|
||||
# bug in the worker process. It is available on Linux systems at a performance cost.
|
||||
# The performance cost is roughly 2% overhead at transfer time (tested on a Linux 3.17.8).
|
||||
-isolate-workers = true
|
||||
+isolate-workers = false
|
||||
|
||||
# A banner to be displayed on clients
|
||||
#banner = "Welcome"
|
||||
@@ -148,7 +148,7 @@ dpd = 90
|
||||
mobile-dpd = 1800
|
||||
|
||||
# MTU discovery (DPD must be enabled)
|
||||
-try-mtu-discovery = false
|
||||
+try-mtu-discovery = true
|
||||
|
||||
# The key and the certificates of the server
|
||||
# The key may be a file, or any URL supported by GnuTLS (e.g.,
|
||||
@@ -160,8 +160,8 @@ try-mtu-discovery = false
|
||||
@@ -108,8 +108,8 @@ socket-file = /var/run/ocserv-socket
|
||||
#
|
||||
# There may be multiple server-cert and server-key directives,
|
||||
# but each key should correspond to the preceding certificate.
|
||||
@ -51,16 +33,34 @@ Index: ocserv-0.10.5/doc/sample.config
|
||||
|
||||
# Diffie-Hellman parameters. Only needed if you require support
|
||||
# for the DHE ciphersuites (by default this server supports ECDHE).
|
||||
@@ -187,7 +187,7 @@ server-key = ../tests/server-key.pem
|
||||
@@ -135,7 +135,7 @@ server-key = ../tests/server-key.pem
|
||||
# The Certificate Authority that will be used to verify
|
||||
# client certificates (public keys) if certificate authentication
|
||||
# is set.
|
||||
-ca-cert = ../tests/ca.pem
|
||||
+ca-cert = /etc/ocserv/certificates/ca-cert.pem
|
||||
|
||||
# The object identifier that will be used to read the user ID in the client
|
||||
# certificate. The object identifier should be part of the certificate's DN
|
||||
@@ -320,8 +320,8 @@ rekey-method = ssl
|
||||
|
||||
### All configuration options below this line are reloaded on a SIGHUP.
|
||||
@@ -145,7 +145,7 @@ ca-cert = ../tests/ca.pem
|
||||
# system calls allowed to a worker process, in order to reduce damage from a
|
||||
# bug in the worker process. It is available on Linux systems at a performance cost.
|
||||
# The performance cost is roughly 2% overhead at transfer time (tested on a Linux 3.17.8).
|
||||
-isolate-workers = true
|
||||
+isolate-workers = false
|
||||
|
||||
# A banner to be displayed on clients
|
||||
#banner = "Welcome"
|
||||
@@ -197,7 +197,7 @@ dpd = 90
|
||||
mobile-dpd = 1800
|
||||
|
||||
# MTU discovery (DPD must be enabled)
|
||||
-try-mtu-discovery = false
|
||||
+try-mtu-discovery = true
|
||||
|
||||
# If you have a certificate from a CA that provides an OCSP
|
||||
# service you may provide a fresh OCSP status response within
|
||||
@@ -341,8 +341,8 @@ rekey-method = ssl
|
||||
# STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes
|
||||
# output from the tun device, and the duration of the session in seconds.
|
||||
|
||||
@ -71,7 +71,7 @@ Index: ocserv-0.10.5/doc/sample.config
|
||||
|
||||
# UTMP
|
||||
# Register the connected clients to utmp. This will allow viewing
|
||||
@@ -377,7 +377,7 @@ ipv4-netmask = 255.255.255.0
|
||||
@@ -401,7 +401,7 @@ ipv4-netmask = 255.255.255.0
|
||||
# The advertized DNS server. Use multiple lines for
|
||||
# multiple servers.
|
||||
# dns = fc00::4be0
|
||||
@ -80,7 +80,7 @@ Index: ocserv-0.10.5/doc/sample.config
|
||||
|
||||
# The NBNS server (if any)
|
||||
#nbns = 192.168.1.3
|
||||
@@ -414,8 +414,8 @@ ping-leases = false
|
||||
@@ -438,8 +438,8 @@ ping-leases = false
|
||||
# comment out all routes from the server, or use the special keyword
|
||||
# 'default'.
|
||||
|
||||
@ -91,10 +91,10 @@ Index: ocserv-0.10.5/doc/sample.config
|
||||
#route = fef4:db8:1000:1001::/64
|
||||
|
||||
# Subsets of the routes above that will not be routed by
|
||||
Index: ocserv-0.10.5/doc/systemd/socket-activated/ocserv.socket
|
||||
Index: ocserv-0.10.9/doc/systemd/socket-activated/ocserv.socket
|
||||
===================================================================
|
||||
--- ocserv-0.10.5.orig/doc/systemd/socket-activated/ocserv.socket
|
||||
+++ ocserv-0.10.5/doc/systemd/socket-activated/ocserv.socket
|
||||
--- ocserv-0.10.9.orig/doc/systemd/socket-activated/ocserv.socket
|
||||
+++ ocserv-0.10.9/doc/systemd/socket-activated/ocserv.socket
|
||||
@@ -2,8 +2,8 @@
|
||||
Description=OpenConnect SSL VPN server Socket
|
||||
|
||||
|
||||
@ -16,7 +16,7 @@
|
||||
#
|
||||
|
||||
Name: ocserv
|
||||
Version: 0.10.5
|
||||
Version: 0.10.9
|
||||
Release: 0
|
||||
License: GPL-2.0+
|
||||
Summary: OpenConnect VPN Server
|
||||
@ -120,7 +120,7 @@ install -m 0644 doc/systemd/socket-activated/ocserv.service %{buildroot}%{_unitd
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc AUTHORS ChangeLog LICENSE NEWS README COPYING TODO
|
||||
%doc AUTHORS ChangeLog LICENSE NEWS README.md COPYING TODO
|
||||
%config %{_sysconfdir}/ocserv
|
||||
%{_bindir}/occtl
|
||||
%{_bindir}/ocpasswd
|
||||
|
||||
Loading…
Reference in New Issue
Block a user