- Update to version 1.1.2
* Allow setup of new DTLS session concurrent with old session.
* Fixed an infinite loop on sec-mod crash when server-drain-ms
is set.
* Don't apply BanIP checks to clients on the same subnet.
* Don't attempt TLS if the client closes the connection with
zero data sent.
* Increased the maximum configuration line; this allows banner
messages longer than 200 characters.
* Removed the listen-clear-file config option. This option was
incompatible with several clients, and thus is unusable for a
generic server.
- Update to version 1.1.1:
* Improved rate-limit-ms and made it dependent on secmod backlog.
This makes the server more resilient (and prevents connection
failures) on multiple concurrent connections
- Added namespace support for listen address by introducing the
listen-netns option.
- Disable TLS1.3 when cisco client compatibility is enabled. New
anyconnect clients seem to supporting TLS1.3 but are unable to
handle a client with an RSA key.
- Enable a race free user disconnection via occtl.
- Added the config option of a pre-login-banner.
- Ocserv siwtched to using multiple ocserv-sm processes to
improve scale, with the number of ocserv-sm process dependent
on maximum clients and number of CPUs. Configuration option
sec-mod-scale can be used to override the heuristics.
- Fixed issue with group selection on radius servers sending
multiple group class attribute.
OBS-URL: https://build.opensuse.org/request/show/853618
OBS-URL: https://build.opensuse.org/package/show/network:vpn/ocserv?expand=0&rev=37