Access Server 2.1 versions

Problems with gaps in sequentially ordered lists of keys in the configuration database are now automatically repaired when using sacli start on the command line.

TLS level 1.2 for the OpenVPN protocol is labeled the default for new installations. Upgrades of existing installations remain at the previously set level.

TLS level 1.1 for the web services is labeled the default for new installations. Upgrades of existing installations remain at the previously set level.

SSLv2 and SSLv3 support has been deprecated and will be removed completely in a future release.

SSL settings page is now renamed to TLS settings page, since TLS is now the prevalent technology and SSL is phasing out.

Alias interfaces like eth0:1 and such could not be selected for source NAT outgoing VPN client traffic. This bug has now been fixed.

An option has been added to completely disable TLS auth. This should only ever be used for compatibility with clients that offer no way to implement TLS auth at all.

Small code improvements, faster response time on web interface.

Fixed regression with broken overview in current users page.

OpenVPN Connect Client for Windows is signed properly.

Disabling compression on the server no longer leads to a compression stub error.

Security fixes for issues reported by Guido Vranken (CVE-2017-7508, CVE-2017-7520, CVE-2017-7521, CVE-2017-7522) and other fixes.

OpenVPN Connect Client for Mac OS X updated to version 2.1.3.120 to address the “error no. 8″ bug that occurred on some systems that have an IPv6 DNS server assigned as primary DNS server.

OpenVPN Connect Client for Windows updated to version 2.1.3.111 to address the problem where an autologin type profile would endlessly loop in reconnection state when the autologin profile encounters an authorization problem (no longer valid, revoked, and such).

Access Server web services updated to fix CRLF injection vulnerability CVE-2017-5868 reported by Sysdream Labs.

Access Server OpenVPN core updated to fix CVE-2017-7478 and CVE-2017-7479 as well as other issues reported by Quarkslab and Cryptography Engineering LLC.

Added MAC address reporting on OpenVPN Connect Client for Windows and macOS.

Added support for systemd in Ubuntu 16.

Fixed a problem with DNS implementation on the server side where DNS options wouldn’t be pushed if the Windows Networking NETBIOS options was used on the server.

Fixed OpenSSL memory leak.

Introduced web session cookie expiration timers and rotation.

New packages for Ubuntu 16 now available.

Updated OpenSSL to 1.0.2h to fixes a reported security vulnerability in AES-NI.

Fixed an installation issue in OpenVPN Connect Client where the service component would not start after installation in some specific situations.

In the web admin interface on the VPN Settings page, added “DNS resolution zones” for setting “dhcp-option DOMAIN …” OpenVPN settings.

The previous “Default Domain Suffix” field is now used to set the “dhcp-option ADAPTER_DOMAIN_SUFFIX …” OpenVPN setting.

DNS behavior is now altered since version 2.1.0 of the Access Server. If you encounter problems please review your DNS settings in the admin web interface.

Ensure OpenVPN Connect Client respects the route-metric setting properly to set the metric cost on the VPN interface.

Small issue in OpenVPN Connect Client for Windows resolved that could break the “Go to <server>” menu command.

Disable tls-auth when “auth none” is given in config even when “tls-auth” directive is present.