Skip to main content

Access Server 2.14 versions

Access Server 2.14.0

Notice

Release date: Jun 20, 2024

New features:

  • Introduced a new web framework for the client web service.

  • Added support for Ubuntu 24.04 LTS (Noble Numbat).

Bug fixes and improvements:

  • Updated Twisted library to 22.4.

  • Updated OpenVPN2 core to 2.6.10as1.

  • Fixed security issue CVE-2024-28882.

  • Removed bundled web CA for LDAP SSL verification, rely on system certificate store instead.

  • Removed deprecated Connect v2 client from the web interface. Connect v3 is recommended instead.

  • Enhanced the sacli subscriptionstatus output with additional subscription key details.

  • Fixed an issue with reloading iptables ruleset after sacli start.

Important notes:

  • Dropped support for CentOS 7, Red Hat 7, and Debian 10 operating systems. These operating systems will reach end-of-life in June 2024. We also dropped support for Amazon Linux 2. We currently recommend using Ubuntu 22.04 LTS or 24.04 LTS, Debian 12, or Red Hat 9.

  • The client web interface no longer offers OpenVPN Connect v2, as this is a deprecated client. It now offers OpenVPN Connect v3, which is the recommended client program.

  • The client web interface has been reimplemented in a more modern web framework, but it still looks and works mostly the same. The admin UI will also receive an overhaul in an upcoming release.

  • A known issue is that users authenticated via RADIUS with MFA challenge (e.g., OKTA with RADIUS agent) can use only auto-push as a multi-factor login. Verification codes, SMS, and emails are not supported as a second factor. For customers encountering this issue, we advise waiting to upgrade until 2.14.1, when this issue will be resolved. OKTA SAML authentication is not affected by this issue.

  • A known issue is that accessing the profiles overview in the client web service in external PKI mode shows an error message, as that function is unavailable in external PKI mode. We will hide this page in 2.14.1 for the external PKI case.

  • A known issue is that creating an autologin profile for another user on the Admin Web UI doesn't work if the admin user doesn't have autologin privileges. This will be resolved in 2.14.1.

  • A known issue is that users of the Duo security post_auth script get a generic message asking for the MFA code instead of the custom message generated by the Duo post_auth script. Support for custom messages will be reintroduced in 2.14.1.