- Update to version 1.1.0:
* Switch from fork to fork/exec model to achieve better scaling
and ASLR protection. This introduces an ocserv-worker application
which should be installed at the same path as ocserv (#285).
* When Linux OOM takes control kill ocserv workers before
ocserv-main or ocserv-secmod (#283).
* Disable TCP queuing on the TLS port.
* Fix leak of GnuTLS session when DTLS connection is
re-established (#293).
- Verify source with keyring before build.
OBS-URL: https://build.opensuse.org/request/show/818634
OBS-URL: https://build.opensuse.org/package/show/network:vpn/ocserv?expand=0&rev=31
- Add signature and keyring for source verification
- Build with support for maxminddb
- Build with support for OATH
- Update to version 1.0.1
* Prevent clients that use broken versions of gnutls from
connecting using DTLS.
* occtl: added machine-readable fields in json output.
* occtl: IPs in ban list value is now reflecting the actual
banned IPs rather than the database size.
- Update to version 1.0.0
* Avoid crash on invalid configuration values.
* Updated manpage generation to work with newer versions of ronn.
* Ensure scripts have all the information on all disconnection
types.
* Several updates to further restrict the control that worker
processes have on the main process.
* Add support for RFC6750 bearer tokens. This adds the "auth=oidc"
config option. See doc/README-oidc.md for more information.
* Add USER_AGENT, DEVICE_TYPE and DEVICE_PLATFORM environment
variables when connect/disconnect scripts execute.
* Corrected issue with DTLS-PSK negotiation which prevented it
from being enabled.
* Improved IPv6 handling of AnyConnect client for Apple ios.
* Fixed issue with Radius accounting.
- Update to version 0.12.6
* Improved IPv6 support for anyconnect clients.
* The 'split-dns' configuration directive can be used per-user.
* The max-same-clients=1 configuration option no longer refuses
the reconnection of an already connected user.
* Added openat() to the accepted list of seccomp calls. This
OBS-URL: https://build.opensuse.org/request/show/796111
OBS-URL: https://build.opensuse.org/package/show/network:vpn/ocserv?expand=0&rev=30
- Update to version 0.12.0
* Allow DTLS stream to come from different IP from TLS stream. There are situations where internet providers send the UDP stream from different IP.
* Increased possibilities of allowed combinations of authentication methods.
* Corrected regression since 0.11.8 with OTP authentication.
* Added support for hostname-based virtual hosts, utilizing TLS SNI. With that change it is possible to configure multiple servers running over the same port.
* Rename the tun device on BSD systems which support SIOCSIFNAME ioctl.
* Correctly handle proxy-protocol’s health commands. That eliminates few connection drops when proxy protocol is in use.
* Corrected crash on certain cases when proxy protocol is in use.
- Update ocserv.config.patch due to upstream changes
OBS-URL: https://build.opensuse.org/request/show/606481
OBS-URL: https://build.opensuse.org/package/show/network:vpn/ocserv?expand=0&rev=18
