mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2025-02-07 11:49:40 +00:00
Code Issues Releases Activity
freebsd-ports/net/ocserv/pkg-descr

21 lines
1.0 KiB
Plaintext
Raw Normal View History

New port: net/ocserv: server implementing the AnyConnect SSL VPN protocol OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a secure, small, fast and configurable VPN server. It implements the OpenConnect SSL VPN protocol, and has also (currently experimental) compatibility with clients using the AnyConnect SSL VPN protocol. The OpenConnect protocol provides a dual TCP/UDP VPN channel, and uses the standard IETF security protocols to secure it. Both IPv4 and IPv6 are supported. Ocserv's main features are security through provilege separation and sandboxing, accounting, and resilience due to a combined use of TCP and UDP. Authentication occurs in an isolated security module process, and each user is assigned an unprivileged worker process, and a networking (tun) device. That not only eases the control of the resources of each user or group of users, but also prevents data leak (e.g., heartbleed-style attacks), and privilege escalation due to any bug on the VPN handling (worker) process. A management interface allows for viewing and querying logged-in users. WWW: http://www.infradead.org/ocserv/ PR: 202253 Submitted by: Carlos Jacobo Puga Medina <cpm@fbsd.es> Reviewed by: pi
2015-08-16 21:48:15 +00:00
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is
to be a secure, small, fast and configurable VPN server. It implements
the OpenConnect SSL VPN protocol, and has also (currently experimental)
compatibility with clients using the AnyConnect SSL VPN protocol.
The OpenConnect protocol provides a dual TCP/UDP VPN channel, and
uses the standard IETF security protocols to secure it. Both IPv4
and IPv6 are supported.
Ocserv's main features are security through provilege separation
and sandboxing, accounting, and resilience due to a combined use
of TCP and UDP. Authentication occurs in an isolated security
module process, and each user is assigned an unprivileged worker
process, and a networking (tun) device. That not only eases the
control of the resources of each user or group of users, but also
prevents data leak (e.g., heartbleed-style attacks), and privilege
escalation due to any bug on the VPN handling (worker) process. A
management interface allows for viewing and querying logged-in
users.
- Update to 0.11.9 - Update WWW in pkg-descr Noteworthy changes in 0.11.9 - Fixed bug which caused the acceptable of invalid IPv4 address as valid. - Fixed compatibility with gnutls 3.3.8 by avoiding the use of the 'VERS-ALL' priority string which was introduced in 3.3.24. - Fixed null pointer dereference when parsing locked accounts in plain password authentication. - Add support for RSA-PSS and Ed25519 private keys when used with GnuTLS 3.6.0. - ocpasswd: when locking an account multiple times, add the '!' character only once. Based on patch by Frank Huang. Changes: http://lists.infradead.org/pipermail/openconnect-devel/2017-October/004529.html MFH: 2017Q4
2017-10-14 02:03:05 +00:00
WWW: https://ocserv.gitlab.io/www/index.html
Reference in New Issue Copy Permalink