forked from pool/ocserv

Accepting request 853618 from home:mnhauke:network

- Update to version 1.1.2
  * Allow setup of new DTLS session concurrent with old session.
  * Fixed an infinite loop on sec-mod crash when server-drain-ms
    is set.
  * Don't apply BanIP checks to clients on the same subnet.
  * Don't attempt TLS if the client closes the connection with
    zero data sent.
  * Increased the maximum configuration line; this allows banner
    messages longer than 200 characters.
  * Removed the listen-clear-file config option. This option was
    incompatible with several clients, and thus is unusable for a
    generic server.

- Update to version 1.1.1:
  * Improved rate-limit-ms and made it dependent on secmod backlog.
    This makes the server more resilient (and prevents connection
    failures) on multiple concurrent connections
  - Added namespace support for listen address by introducing the
    listen-netns option.
  - Disable TLS1.3 when cisco client compatibility is enabled. New
    anyconnect clients seem to be supporting TLS1.3 but are unable to
    handle a client with an RSA key.
  - Enable a race free user disconnection via occtl.
  - Added the config option of a pre-login-banner.
  - Ocserv switched to using multiple ocserv-sm processes to
    improve scale, with the number of ocserv-sm processes dependent
    on maximum clients and number of CPUs. Configuration option
    sec-mod-scale can be used to override the heuristics.
  - Fixed issue with group selection on radius servers sending
    multiple group class attribute.

OBS-URL: https://build.opensuse.org/request/show/853618
OBS-URL: https://build.opensuse.org/package/show/network:vpn/ocserv?expand=0&rev=37
Michael Du
2021-01-02 21:13:41 +00:00
committed by Git OBS Bridge
parent 62258b8971
commit 08902fbc93
8 changed files with 76 additions and 37 deletions

@@ -1,3 +1,43 @@
-------------------------------------------------------------------
Mon Dec 7 15:32:12 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- Update to version 1.1.2
* Allow setup of new DTLS session concurrent with old session.
* Fixed an infinite loop on sec-mod crash when server-drain-ms
is set.
* Don't apply BanIP checks to clients on the same subnet.
* Don't attempt TLS if the client closes the connection with
zero data sent.
* Increased the maximum configuration line; this allows banner
messages longer than 200 characters.
* Removed the listen-clear-file config option. This option was
incompatible with several clients, and thus is unusable for a
generic server.
-------------------------------------------------------------------
Mon Sep 21 15:27:14 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- Update to version 1.1.1:
* Improved rate-limit-ms and made it dependent on secmod backlog.
This makes the server more resilient (and prevents connection
failures) on multiple concurrent connections
- Added namespace support for listen address by introducing the
listen-netns option.
- Disable TLS1.3 when cisco client compatibility is enabled. New
anyconnect clients seem to supporting TLS1.3 but are unable to
handle a client with an RSA key.
- Enable a race free user disconnection via occtl.
- Added the config option of a pre-login-banner.
- Ocserv siwtched to using multiple ocserv-sm processes to
improve scale, with the number of ocserv-sm process dependent
on maximum clients and number of CPUs. Configuration option
sec-mod-scale can be used to override the heuristics.
- Fixed issue with group selection on radius servers sending
multiple group class attribute.
- Update patch:
* ocserv-enable-systemd.patch
* ocserv.config.patch
-------------------------------------------------------------------
Wed Aug 19 10:46:22 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
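
Review bot: In the Sep 21 2020 entry for 1.1.1, only the first sub-item ("* Improved rate-limit-ms ...") uses the "*" marker, while the items from "- Added namespace support ..." through "- Fixed issue with group selection ..." use "-", the same marker as the top-level "- Update to version 1.1.1:" and "- Update patch:" lines, so they read as separate packaging changes rather than as part of the upstream release notes. Suggest switching them to "*" to match the 1.1.2 entry above. In the same entry, "siwtched" should be "switched" and "seem to supporting" should be "seem to support". The TLS1.3 item ends with "unable to handle a client with an RSA key", which is hard to parse; since it describes when TLS 1.3 gets disabled under cisco client compatibility, it is worth rewording so operators can tell whether their setup is affected.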