8a5c4768e9
OBS-URL: https://build.opensuse.org/request/show/314133 OBS-URL: https://build.opensuse.org/package/show/network:vpn/ocserv?expand=0&rev=2
70 lines
3.2 KiB
Plaintext
70 lines
3.2 KiB
Plaintext
-------------------------------------------------------------------
|
|
Mon Jun 8 13:51:18 UTC 2015 - i@marguerite.su
|
|
|
|
- set isolated-workers to false since we didn't build w/ seccomp yet
|
|
- change systemd socket ports as well
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jun 7 04:47:47 UTC 2015 - i@marguerite.su
|
|
|
|
- update version 0.10.5
|
|
* Added tgt-freshness-time option for gssapi/Kerberos authentication
|
|
option. That allows to specify the maximum number of seconds after
|
|
which a reauthentication with Kerberos is required to login to VPN.
|
|
* main/sec-mod: impose long timeouts on reads from sec-mod. That
|
|
would prevent issues when reading in a blocked in authentication
|
|
sec-mod.
|
|
* radius: When using radius accounting with certificate
|
|
authentication, properly notify of user session termination.
|
|
* radius: On definitely terminated sessions contact the radius server
|
|
as soon as possible. For sessions that can still be resumed the
|
|
radius server is contacted periodically after the cookies expire.
|
|
* radius: consider Acct-Interim-Interval when seen by the server.
|
|
That will be taken into account if groupconfig=true in radius
|
|
subconfig.
|
|
* Added configuration options persistent-cookies and session-timeout.
|
|
* radius: added support for Route-IPv6-Information,
|
|
Delegated-IPv6-Prefix, NAS-IPv6-Address, NAS-IP-Address,
|
|
Session-Timeout.
|
|
* Corrected desync of main and sec-mod by introducing a synchronous
|
|
communication socket. Reported by Mani Behrouz.
|
|
* PAM: forward the actual prompt to worker process, and not only
|
|
informational messages.
|
|
- drop ocserv-str_init.patch, upstream fixed.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 13 11:28:14 UTC 2015 - i@marguerite.su
|
|
|
|
- add user.tmpl, for certificate login
|
|
- tweak default config more
|
|
- add README.SUSE as setup instructions
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 2 10:04:45 UTC 2015 - i@marguerite.su
|
|
|
|
- initial version 0.9.0.1
|
|
* Added native support for radius. That adds the new auth
|
|
configuration option "radius", which has as parameters
|
|
the freeradius-client configuration file and optionally
|
|
the groupconfig option which instructs to read
|
|
configuration from radius; the stats-report-time option
|
|
enables interim-updates. That adds the dependency to
|
|
freeradius-client (see doc/README.radius).
|
|
* Reply using the same address that received UDP packets
|
|
are sent.
|
|
* Simplify the input of IPv6 network addresses.
|
|
* Use a separate IPC and PID namespace in Linux systems
|
|
for worker processes. That effectively puts each worker
|
|
process in a separate container. This can be enabled at
|
|
compile time using --enable-linux-namespaces.
|
|
* Configuration option 'use-seccomp' was replaced by
|
|
'isolate-workers', which in addition to seccomp it enables
|
|
the Linux namespaces restrictions.
|
|
* Added support for stateless compression using LZ4 and LZS.
|
|
This is disabled by default.
|
|
- disable dbus interface because currently it provides less
|
|
function than unix socket
|
|
- add patch: ocserv-str_init.patch
|
|
- add patch: ocserv-enable-systemd.patch
|
|
- add patch: ocserv.config.patch
|