Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
openSUSE:Leap:42.2:Update
ocserv
ocserv.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ocserv.changes of Package ocserv
------------------------------------------------------------------- Fri Feb 12 14:10:54 UTC 2016 - i@marguerite.su - update version 0.10.11 * Corrected the reporting of keepalive to occtl. * Handle clients which send the first request to /VPN * Prevent a crash in per-user config dir is not available if expose-iroutes is set to true. - update license: GPL-2.0 - open ports using ocserv.SuSEfirewall - enable ip forwarding using ocserv.sysctl ------------------------------------------------------------------- Thu Jan 7 16:08:58 UTC 2016 - i@marguerite.su - update version 0.10.10 * Increase the number of log messages logged in the default level. That is added messages that could be of use to administrators. * Introduced ipv6-subnet-prefix config option. That option allows to specify the IPv6 subnet prefix to be given to client. That is, allow providing the clients networks larger than /128. The default setting is 128 to keep backwards compatibility. * Introduced the expose-iroutes config option. That option allows the server to advertise routes offered by some clients to all of them. This requires the config-per-user option. * When a client has assigned iroutes which cannot be applied, he will be denied access. * Added restrict-user-to-routes configuration option which will execute ocserv-fw script on user connection. The script will set firewall rules which deny the user access to any other networks than the routes set for the user. This is added as a tech preview; details of this option may change on later releases. * When banning IPv6 addresses treat a /64 network as a single address. * Fixed conflict with isolate-workers and user-profile. * occtl: Allow disabling the pager functionality on compile time using --with-pager="". ------------------------------------------------------------------- Wed Oct 21 11:34:00 UTC 2015 - i@marguerite.su - update version 0.10.9 * When compiled with GnuTLS 3.4 automatically sort the certificate list to be imported * Reload the CRL during periodic maintaince if its modification time changes * Address issue with duplicate check failing on IPv6 addresses * Added the ability to specify a UsersFile in plain auth for using an OTP This allows to use an OTP 2nd factor authentication without having to rely on PAM. This change, also enables the usage of an empty password field in the password file if an OTP file is present * Allow loading DER-encoded CRLs * Re-added the PAM accounting method. That accounting method can be combined with any authentication method, and can be used to check for a valid system account - changes in 0.10.8 * Pass the proxy protocol information at earlier stage to main process, to allow the correct information to be passed at the connect script and occtl * Added the IP_REAL_LOCAL environment variable to scripts. This passes the local IP the client connected to * The PAM accounting method was dropped as there was no practical usage of it, the way it was implemented * When assigning IPv6 addresses use the whole available netmask * occtl: Print the local IP the client connected to, with the client information * occtl: Print the configured for the client split-dns domains - changes in 0.10.7 * Added a fuzzying factor to CPU intensive, or radius communication tasks when initiated by worker process. That avoids a very high load periodically, e.g., when multiple clients connect at the same time * Added support for haproxy's protocol v2 format. That allows to report the correct client IP even on proxied sessions. It introduces the configuration option listen-proxy-proto * occtl: added -n/--no-pager option. That allows to disable pager explicitly * occtl: fixed several cases of invalid JSON output - changes in 0.10.6 * Transmit packets to the last incoming source, allowing faster switch of the communication channel * The worker processes will utilize the UDP socket address (if any), when reporting peer's address if the listen-clear-file option is set * Lifted the limit on the number of configuration options. That allows to add an "unlimited" number of 'route' options * Support encrypted key files. That adds the key-pin and srk-pin configuration options * The dbus communication option has been dropped * Radius: depend on radcli radius library * occtl: added -j/--json option. That allows to output in a JSON format ------------------------------------------------------------------- Mon Jun 8 13:51:18 UTC 2015 - i@marguerite.su - set isolated-workers to false since we didn't build w/ seccomp yet - change systemd socket ports as well ------------------------------------------------------------------- Sun Jun 7 04:47:47 UTC 2015 - i@marguerite.su - update version 0.10.5 * Added tgt-freshness-time option for gssapi/Kerberos authentication option. That allows to specify the maximum number of seconds after which a reauthentication with Kerberos is required to login to VPN. * main/sec-mod: impose long timeouts on reads from sec-mod. That would prevent issues when reading in a blocked in authentication sec-mod. * radius: When using radius accounting with certificate authentication, properly notify of user session termination. * radius: On definitely terminated sessions contact the radius server as soon as possible. For sessions that can still be resumed the radius server is contacted periodically after the cookies expire. * radius: consider Acct-Interim-Interval when seen by the server. That will be taken into account if groupconfig=true in radius subconfig. * Added configuration options persistent-cookies and session-timeout. * radius: added support for Route-IPv6-Information, Delegated-IPv6-Prefix, NAS-IPv6-Address, NAS-IP-Address, Session-Timeout. * Corrected desync of main and sec-mod by introducing a synchronous communication socket. Reported by Mani Behrouz. * PAM: forward the actual prompt to worker process, and not only informational messages. - drop ocserv-str_init.patch, upstream fixed. ------------------------------------------------------------------- Fri Feb 13 11:28:14 UTC 2015 - i@marguerite.su - add user.tmpl, for certificate login - tweak default config more - add README.SUSE as setup instructions ------------------------------------------------------------------- Mon Feb 2 10:04:45 UTC 2015 - i@marguerite.su - initial version 0.9.0.1 * Added native support for radius. That adds the new auth configuration option "radius", which has as parameters the freeradius-client configuration file and optionally the groupconfig option which instructs to read configuration from radius; the stats-report-time option enables interim-updates. That adds the dependency to freeradius-client (see doc/README.radius). * Reply using the same address that received UDP packets are sent. * Simplify the input of IPv6 network addresses. * Use a separate IPC and PID namespace in Linux systems for worker processes. That effectively puts each worker process in a separate container. This can be enabled at compile time using --enable-linux-namespaces. * Configuration option 'use-seccomp' was replaced by 'isolate-workers', which in addition to seccomp it enables the Linux namespaces restrictions. * Added support for stateless compression using LZ4 and LZS. This is disabled by default. - disable dbus interface because currently it provides less function than unix socket - add patch: ocserv-str_init.patch - add patch: ocserv-enable-systemd.patch - add patch: ocserv.config.patch
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
