Access Server 2.11 versions
Notice
Release date: Jan 26, 2023
Fixed a regression with handling "user data" metadata on new instance launch on Amazon AWS.
Notice
Release date: Jan 17, 2023
Fixed bugs on User Permissions page that affected pagination and could cause unintended changes.
Fixed a bug where changing a setting on SAML authentication would inadvertently disable it.
Fixed a bug where a SAML configuration mistake could cause all authentication methods to fail.
Fixed a bug where an admin user in a non-admin group would not have the configured static IP applied.
Fixed a bug where the real IP of a failed VPN authentication attempt would not be logged.
Fixed a bug where sacli actions would show in log with an incorrect timestamp.
Fixed a bug where web session expiration would not work correctly when custom ports were used.
Added configuration option to increase the allowed number of SQLAlchemy connections.
Added handling to block attempts to log in via SAML or PAS only when combined with embedded MFA.
Added warning on admin UI when administrator tries to configure SAML or PAS only with embedded MFA.
Improved error handling for incorrect SAML and RADIUS authentication method configuration.
Notice
Release date: Oct 20, 2022
Added support for Red Hat 9.
Added support for SAML AuthNContext parameter.
Added support for SAML AuthNForce parameter.
Added support for SAML group to Access Server group mapping using post_auth scripting.
Added PAS only authentication method to better incorporate custom authentication in post_auth.
Added TOTP MFA settings to User and Group Permissions pages in the Admin UI.
Added sacli support command for easier gathering of log and diagnostic data.
Fixed a security issue with custom post_auth authentication by implementing PAS only authentication.
Fixed a security issue with init.log permissions on upgrades.
Improved upgrade case when External PKI is in use, to ensure TLS Crypt v2 keys are present.
Improved upgrade case to solve inter-node communication problems when upgrading cluster directly from v2.7.5.
Improved upgrade case where bootstrap users not listed in User Permissions couldn't log in after upgrade.
Improved user handling in sacli when using TOTP command line functions.
Improved end-user experience with SAML authentication completed page.
Improved handling of CAs that use an invalid (negative) serial number.
Improved status reporting of authentication methods on User and Group Permissions pages in Admin UI.
Fixed a regression where TLS setting for clients would not be inherited from the server side setting.
Fixed a regression where exceeding max-clients could crash OpenVPN server daemon.
Fixed a regression where Disable NetBIOS setting was pushing incorrect parameter.
Fixed a bug with the SAML on/off toggle in the Authentication settings.
Fixed a bug where changing autologin permission could reset TOTP MFA.
Fixed a bug where Token URL import with custom port and service forwarding disabled would fail.
Fixed a bug with missing dependency requirements for certain Python3 packages.
Fixed a bug where SAML and PAS Only authentication methods were not passed to post_auth script.
Fixed a bug where LDAP reverification for autologin users could cause MFA to be required.
Fixed a bug where OpenVPN daemon job queue size warning would mention wrong config key.
Fixed a bug where the most recent event from Log Reports page was not present in CSV file.
Released bundled clients package v26 with Connect v3.4.0.4506 for macOS.
Released bundled clients package v27 with Connect v3.4.1.4522 for macOS.
Notice
Release date: Jun 29, 2022
New features:
Added SAML authentication support.
Added openvpn:// URI connection profile import method.
Added support for Ubuntu 22.04 LTS (Jammy Jellyfish).
Added multiple thread support for LDAP authentication.
Added option to use scrypt for local user password hashes.
Bug fixes and improvements:
Fixed weak PRNG security issue CVE-2022-33738 on the web interface. Thanks to Aliz Hammond of WatchTowr.
Fixed init.log file permission security issue CVE-2022-33737 for new installs. Thanks to Aliz Hammond of WatchTowr.
Fixed the amplification attack security issue CVE-2021-4234 in OpenVPN.
Updated OpenVPN2 core to 2.6_as11.
Changed Google Authenticator terminology to TOTP MFA.
Changed cluster admin_c bootstrap PAM user to local user.
Fixed a bug where OMI communication with OpenVPN daemons could stall.
Improved logging to include client version details.
Improved AWS licensing to use RSA 2048-bit certificates.
Improved compatibility with operating systems running in FIPS restricted mode.
Removed Get1, Get5, AutoGenerate, and AutoGenerateOnBehalfOf from CLI/API.
Important notes:
The Get1, Get5, AutoGenerate, and AutoGenerateOnBehalfOf CLI/API functions were deprecated/removed. Automation scripts may need to be updated.
For MFA on SAML accounts, please use the SAML IDP's MFA settings. The built-in MFA of Access Server is not supported on SAML accounts.
When upgrading from version 2.7.5 in a cluster, please reset admin_c password manually. Only applies to upgrades from version 2.7.5 specifically.
Cluster admin_c bootstrap user was changed from a PAM user to a local user. We recommend cleaning up the PAM user account admin_c after upgrade.
SAML requires OpenVPN Connect v3.3 or a very recent open source OpenVPN client supporting web authentication.
On AS 2.11.0, AUTH_NULL custom post_auth authentication system doesn't work in cluster mode. This will be restored in a later release.
On direct upgrades from version 2.7.5 in a cluster, inter-cluster communication breaks down. This can be solved by resetting admin_c user password manually. Only applies to upgrades from version 2.7.5 specifically.