ocserv - OpenConnect VPN Server

Property Value
Distribution openSUSE Tumbleweed
Repository openSUSE Oss all
Package filename ocserv-0.12.3-1.1.i586.rpm
Package name ocserv
Package version 0.12.3
Package release 1.1
Package architecture i586
Package type rpm
Category Productivity/Networking/Security
Homepage http://www.infradead.org/ocserv
License GPL-2.0-only
Maintainer -
Download size 253.63 KB
Installed size 705.01 KB
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to
be a secure, small, fast and configurable VPN server. It implements
the OpenConnect SSL VPN protocol, and has also (currently experimental)
compatibility with clients using the AnyConnect SSL VPN protocol.
The OpenConnect protocol provides a dual TCP/UDP VPN channel, and
uses the standard IETF security protocols to secure it. The server
is implemented primarily for the GNU/Linux platform but its code
is designed to be portable to other UNIX variants as well.
Ocserv's main features are security through privilege separation
and sandboxing, accounting, and resilience due to a combined use
of TCP and UDP. Authentication occurs in an isolated security
module process, and each user is assigned an unprivileged worker
process, and a networking (tun) device. That not only eases the
control of the resources of each user or group of users, but also
prevents data leak (e.g., heartbleed-style attacks), and privilege
escalation due to any bug on the VPN handling (worker) process.
A management interface allows for viewing and querying logged-in users.


Package Version Architecture Repository
ocserv-0.12.3-1.1.x86_64.rpm 0.12.3 x86_64 openSUSE Oss
ocserv - - -


Name Value
gnutls >= 3.1.10
libc.so.6(GLIBC_2.28) -
libcrypt.so.1 -
libcrypt.so.1(XCRYPT_2.0) -
libev.so.4 -
libfreeradius-client.so.2 -
libgnutls.so.30 -
libgnutls.so.30(GNUTLS_3_4) -
libgnutls.so.30(GNUTLS_3_6_0) -
liblz4.so.1 -
libnettle.so.6 -
libnettle.so.6(NETTLE_6) -
libnl-3.so.200 -
libnl-3.so.200(libnl_3) -
libnl-route-3.so.200 -
libnl-route-3.so.200(libnl_3) -
libpam.so.0 -
libpam.so.0(LIBPAM_1.0) -
libprotobuf-c.so.1 -
libprotobuf-c.so.1(LIBPROTOBUF_C_1.0.0) -
libreadline.so.8 -
libsystemd.so.0 -
libsystemd.so.0(LIBSYSTEMD_209) -
libtalloc.so.2 -
libtalloc.so.2(TALLOC_2.0.2) -
systemd -


Name Value
config(ocserv) = 0.12.3-1.1
ocserv = 0.12.3-1.1
ocserv(x86-32) = 0.12.3-1.1


Type URL
Mirror widehat.opensuse.org
Binary Package ocserv-0.12.3-1.1.i586.rpm
Source Package ocserv-0.12.3-1.1.src.rpm

Install Howto

Install ocserv rpm package:

# zypper install ocserv




2019-04-23 - Michael Du <duyizhaozj321@yahoo.com>
- Update to version 0.12.3:
* Fixed crash when no DTLS ciphersuite is negotiated.
* Fixed crash happening arbitrarily depending on handled string
sizes (#197).
* Fixed compatibility issue with GnuTLS 3.3.x (#201).
* occtl: print the TLS session information, even if the DTLS
channel is not established.
2019-01-25 - Michael Du <duyizhaozj321@yahoo.com>
- Update to version 0.12.2:
* Added support for AES256-SHA legacy cipher. This allows the
anyconnect clients to use AES256.
* Added support for the DTLS1.2 protocol hack used by new
Anyconnect clients.
2018-05-17 - duyizhaozj321@yahoo.com
- Update to version 0.12.1:
* Fixed crash on initialization when server was running on background
* Work around issues with GnuTLS 3.4.x on ubuntu 16.04, at the cost of a memory leak on key reload
2018-05-11 - duyizhaozj321@yahoo.com
- Update to version 0.12.0
* Allow DTLS stream to come from different IP from TLS stream. There are situations where internet providers send the UDP stream from different IP.
* Increased possibilities of allowed combinations of authentication methods.
* Corrected regression since 0.11.8 with OTP authentication.
* Added support for hostname-based virtual hosts, utilizing TLS SNI. With that change it is possible to configure multiple servers running over the same port.
* Rename the tun device on BSD systems which support SIOCSIFNAME ioctl.
* Correctly handle proxy-protocol?s health commands. That eliminates few connection drops when proxy protocol is in use.
* Corrected crash on certain cases when proxy protocol is in use.
- Update ocserv.config.patch due to upstream changes
2018-02-27 - i@marguerite.su
- add firewalld service
2018-02-24 - i@marguerite.su
- update version 0.11.10
* see NEWS
- drop boo1021353-ocserv-doc-racing-in-parallel-build.patch
* upstreamed
- add ocserv-LZ4_compress_default.patch
* leap doesn't have LZ4_compress_default
2017-05-11 - dimstar@opensuse.org
- Use readline (current) instead of readline5:
+ Replace readline5-devel BuildRequires with readline-devel.
2017-01-23 - i@marguerite.su
- fix boo#1021353: ocserv randomly misbuilds man pages
- add patch: boo1021353-ocserv-doc-racing-in-parallel-build.patch
* occtl and ocpasswd are both built from args.def, which
will cause a racing problem in parallel builds that autogen
write contents randomly. fixed by adding a prefix to make
them different in filename.
2016-12-21 - i@marguerite.su
- update version 0.11.6
* cserv: Improved detection of mobile clients
* ocserv: Update the worker's ID on Radius accounting messages.
That is, even if we initially advertize the ID of the worker
handling the client as NAS-Port, the client may eventually end-up
being served by another process with different ID. In that case we make
sure that the radius server is notified on the next accounting message.
If you are using radius see doc/README.radius.md about NAS-Port, since
that behavior may cause issues in freeradius installations.
* ocserv: Added config option 'switch-to-tcp-timeout'. That allows an
automatic switch to TCP in case of no received UDP traffic for
certain time
* ocserv: Pre-load the OCSP response file; that way worker processes can
serve it, even if they have no access to it.
* ocserv: When compiled with GnuTLS 3.5.6 automatically set DH
parameters from the known set.
2016-02-12 - i@marguerite.su
- update version 0.10.11
* Corrected the reporting of keepalive to occtl.
* Handle clients which send the first request to /VPN
* Prevent a crash in per-user config dir is not available if
expose-iroutes is set to true.
- update license: GPL-2.0
- open ports using ocserv.SuSEfirewall
- enable ip forwarding using ocserv.sysctl

See Also

Package Description
octave-5.1.0-1.3.i586.rpm A High Level Programming Language
octave-5.1.0-1.3.x86_64.rpm A High Level Programming Language
octave-CSXCAD-0.6.2-2.1.noarch.rpm Octave interface for openEMS
octave-cli-5.1.0-1.3.i586.rpm Command-line user interface for Octave
octave-cli-5.1.0-1.3.x86_64.rpm Command-line user interface for Octave
octave-devel-5.1.0-1.3.i586.rpm Development files for Octave
octave-devel-5.1.0-1.3.x86_64.rpm Development files for Octave
octave-doc-5.1.0-1.3.noarch.rpm Documentation for Octave
octave-forge-bim-1.1.5-1.5.noarch.rpm PDE Solver using a Finite Element/Finite Volume approach
octave-forge-cgi-0.1.2-1.5.noarch.rpm Common Gataway Interface for Octave
octave-forge-communications-1.2.1-3.2.i586.rpm Digital Communications for Octave
octave-forge-communications-1.2.1-3.2.x86_64.rpm Digital Communications for Octave
octave-forge-control-3.0.0-1.17.i586.rpm Computer-Aided Control System Design (CACSD) Tools
octave-forge-control-3.0.0-1.17.x86_64.rpm Computer-Aided Control System Design (CACSD) Tools
octave-forge-data-smoothing-1.3.0-1.11.noarch.rpm Algorithms for smoothing noisy data