Access Server 2.8 versions
Notice
Release date: Apr 21, 2021
Resolved security issues CVE-2020-36382 and CVE-2020-15077 related to CVE-2020-15078. See also the security advisory.
Resolved a bug where disabling client certificates would not work.
Resolved an unnecessary warning message in the log when External PKI was in use.
Resolved a rare crash of the web services.
Resolved a bug with querying more than 1000 user records on CentOS 8 when using SQLite databases.
Improved reliability of connectivity to Subscription licensing system when there are network connectivity problems.
Notice
Release date: Dec 8, 2020
Resolved an activation problem with fixed license keys on Ubuntu 20.
Resolved missing dependency on CentOS 8 for MySQL/MariaDB operations.
Added missing capability to select the group itself when granting access to groups.
Released bundled clients package v16 with Connect v3.2.3.1851 for Windows and Connect v3.2.7.3220 for macOS.
Notice
Release date: Aug 20, 2020
Added support for Ubuntu 20.04 LTS (Focal Fossa).
Added public IP detection logic for Oracle Cloud, to become available in a future image on Oracle.
Added CLI setting to control whether newest (default) or oldest tunnels get disconnected when exceeding subscription limit. (instructions)
Resolved a problem where cluster API certificates were not created with 2048 bits.
Resolved a problem with reporting client_ip_addr using the REST API in combination with Duo Security.
Submitted a patch upstream to Duo Security to improve handling of missing client_ip_addr on REST API.
Improved error messages on the Admin UI when common activation problems occur.
Released bundled clients package v13 with Connect v3.1.1.1180 for Windows and Connect v3.2.2.1899 for macOS.
Released bundled clients package v14 with Connect v3.2.4.2392 for macOS and Connect v2.7.1.111 for Windows and macOS.
Released bundled clients package v15 with Connect v3.2.2.1455 for Windows and Connect v3.2.5.2468 for macOS.
Notice
Release date: Jul 2, 2020
Improved the activation page in the Admin UI.
Updated jQuery library to v3.5.1 to address a security issue. (CVE-2020-11023)
Updated Twisted library to v20.3.0.
Updated Bootstrap library to v4.5.0.
Released new Connect Client bundled software package (version 12) that includes new OpenVPN Connect 3.2 stable client for Windows and macOS.
Notice
Release date: Jun 18, 2020
Updated the OpenVPN2 core component in Access Server to latest version 2.4.9.
Improved handling of situations with nodes in different versions on the same cluster (please always update all your nodes to latest version).
Improved logdba tool with new –jsondict function to show information in JSON dictionaries format.
Improved minor things in the client and admin web interface.
Resolved a problem where session token could last longer than intended expiration timeout (CVE-2020-15074). Thanks to Gert Döring for reporting this.
Resolved the situation where older Connect v2 clients would be unable to login when MFA and LDAP were used.
Resolved an issue where an activation key could activate on the wrong node in clustering mode.
Resolved a problem where multiple LDAP referrals were not working properly.
Resolved an error message on the User Permissions page when in layer 2 bridging mode.
Resolved a problem with group-to-user and group-to-group access control in the web interface.
Resolved a problem where a downloaded CSV file from the Log Report page was missing the error column.
Notice
Release date: Mar 23, 2020
Added option to select minimum TLS 1.3 setting when the operating system’s OpenSSL library supports it.
Resolved a temporary crash of web services if XML-RPC interface was set to full and attacked in specific way (CVE-2020-11462). Thanks to Suslov Maxim for reporting this.
Resolved a bug on the Advanced VPN page where TLS auth and compression could not be turned back on in the Admin UI.
Resolved a bug on the Log Reports page where some data would cause the Log Reports page to end the web session.
Resolved a bug where secondary LDAP server would not be called if first LDAP server timed out.
Resolved an issue with 1024 bits keys on Debian 10 and CentOS 8 by replacing 1024 bits DH key with 2048 bits DH key.
Removed UCARP as dependency and bundled own copy so UCARP failover can still work and cloud-init will work normally.
Released new Connect Client bundled software package (version 7) that includes new OpenVPN Connect 3.1.3 beta client for Windows.
Released new Connect Client bundled software package (version 8) that includes new OpenVPN Connect 2.7.1 client and 3.1.1 beta client for macOS.
Released new Connect Client bundled software package (version 9) that includes new OpenVPN Connect 2.7.1 client for Windows.
Released new Connect Client bundled software package (version 10) that includes new OpenVPN Connect 2.7.1 client for Windows.
Released new Connect Client bundled software package (version 11) that includes new OpenVPN Connect 2.7.1 client for Windows.
Notice
Release date: Feb 26, 2020
Resolved a problem with LDAP search queries when spaces were used in object names.
Resolved an issue where assigning static IPv6 addresses to VPN clients could fail.
Resolved a problem on CentOS 7 and Ubuntu 16 where an upgrade would require a manual start of the Access Server service.
Released new Connect Client bundled software package (version 6) that includes new OpenVPN Connect 3.1.2 beta client.
Notice
Release date: Feb 12, 2020
Resolved a security flaw in Access Server 2.8.0 when used in combination with an LDAP server for authentication. More details are in our security advisory.
Notice
Release date: Feb 6, 2020
Important changes that may require action to resolve after upgrading an existing system to Access Server 2.8.0:
Access Server 2.8.0 has switched to another LDAP library (Python-LDAP to LDAP3), this can affect post_auth scripting.
When using LDAP and post-auth scripts, you may find updated post-auth scripts here: post-auth scripting page.
Removed almost all bundled libraries and instead switched to using operating system provided libraries.
End-of-support for outdated operating systems:
Dropped support for operating systems Ubuntu 14 (32 bits and 64 bits) due to it being end-of-life since April 30, 2019.
Dropped support for operating systems Debian 8 (32 bits and 64 bits) due to outdated system libraries.
Dropped support for operating systems CentOS 6 and Red Hat 6 (32 bits and 64 bits) due to outdated system libraries.
Dropped support for all other operating systems that are 32 bits. Our focus for AS is on 64 bits operating systems.
Bug fixes and improvements:
Added support for the CentOS 8 and Red Hat 8 operating systems.
Certified Access Server for use on the Amazon Linux 2 operating system (version 2.7.5 and higher).
Certified Access Server for use on the Oracle Cloud platform (version 2.7.5 and higher).
Added TLS 1.3 support where OpenSSL library in the OS supports TLS 1.3 (centos/redhat8, ubuntu18, debian10) for web services and openvpn daemons.
Added SNI capability to LDAP authentication backend connectivity required for certain LDAP providers (enabled by default).
Added the ability to force Access Server to use case-sensitive username matching for LDAP and RADIUS.
Added support for external IP address detection on Microsoft Azure cloud platform.
Added a new version of bundled clients package with latest OpenVPN Connect v2 and v3 software.
Removed mbedTLS support in Access Server, since OpenSSL has proven more stable and secure.
Improved installation procedure on CentOS so required components are installed along with Access Server.
Improved uninstallation procedure on CentOS so system service is correctly removed.
Improved security for cluster communication API credentials.
Improved tiered licensing support on Amazon AWS to include regions ‘Hong Kong’ and ‘Bahrain’.
Improved redacting certain sensitive output to log file while using debug flags or failover mode.
Improved speed of cluster admin UI by removing some unnecessary database calls.
Improved web service interfaces by solving a number of minor problems.
Improved handling of malformed license keys – this can no longer cause a crash.
Improved output of command line installation post-install instructions.
Improved handling of startup of Access Server when no configuration is present yet.
Improved backup process to store multiple upgrade backups in timestamped directories.
Resolved a bug with ‘Get Renewal Keys’ button that would result in error messages.
Resolved a bug where autologin connections could fail after TLS refresh interval expired.
Resolved a bug where RADIUS 2FA challenge/response was erroneously asking for ‘Enter Authenticator Code’.
Resolved a bug where the web interface would not show a custom post_auth 2FA challenge if echo was turned off.
Resolved a bug with bootstrap user. It is now possible again to start Access Server without any bootstrap user.
Resolved the ‘MySQL server has gone away’ problem that occurred when MySQL backend was used.
Resolved the bug where Connect v3 was not offered on the client web service when all other offerings were turned off.
Resolved the bug where some web browsers could not download the log report from the admin web interface anymore.
Resolved a bug in UCARP LAN-based failover mode where some settings would not be copied to failover server.
Resolved a bug in the installation procedure by no longer requiring the presence of the libncurses5 library.
Resolved a bug with the start/stop server button when Google MFA is switched on.