Skip to main content

Access Server 2.8 versions

Notice

Release date: Apr 21, 2021

  • Resolved security issues CVE-2020-36382 and CVE-2020-15077 related to CVE-2020-15078. See also the security advisory.

  • Resolved a bug where disabling client certificates would not work.

  • Resolved an unnecessary warning message in the log when External PKI was in use.

  • Resolved a rare crash of the web services.

  • Resolved a bug with querying more than 1000 user records on CentOS 8 when using SQLite databases.

  • Improved reliability of connectivity to Subscription licensing system when there are network connectivity problems.

Notice

Release date: Dec 8, 2020

  • Resolved an activation problem with fixed license keys on Ubuntu 20.

  • Resolved missing dependency on CentOS 8 for MySQL/MariaDB operations.

  • Added missing capability to select the group itself when granting access to groups.

  • Released bundled clients package v16 with Connect v3.2.3.1851 for Windows and Connect v3.2.7.3220 for macOS.

Notice

Release date: Aug 20, 2020

  • Added support for Ubuntu 20.04 LTS (Focal Fossa).

  • Added public IP detection logic for Oracle Cloud, to become available in a future image on Oracle.

  • Added CLI setting to control whether newest (default) or oldest tunnels get disconnected when exceeding subscription limit. (instructions)

  • Resolved a problem where cluster API certificates were not created with 2048 bits.

  • Resolved a problem with reporting client_ip_addr using the REST API in combination with Duo Security.

  • Submitted a patch upstream to Duo Security to improve handling of missing client_ip_addr on REST API.

  • Improved error messages on the Admin UI when common activation problems occur.

  • Released bundled clients package v13 with Connect v3.1.1.1180 for Windows and Connect v3.2.2.1899 for macOS.

  • Released bundled clients package v14 with Connect v3.2.4.2392 for macOS and Connect v2.7.1.111 for Windows and macOS.

  • Released bundled clients package v15 with Connect v3.2.2.1455 for Windows and Connect v3.2.5.2468 for macOS.

Notice

Release date: Jul 2, 2020

  • Improved the activation page in the Admin UI.

  • Updated jQuery library to v3.5.1 to address a security issue. (CVE-2020-11023)

  • Updated Twisted library to v20.3.0.

  • Updated Bootstrap library to v4.5.0.

  • Released new Connect Client bundled software package (version 12) that includes new OpenVPN Connect 3.2 stable client for Windows and macOS.

Notice

Release date: Jun 18, 2020

  • Updated the OpenVPN2 core component in Access Server to latest version 2.4.9.

  • Improved handling of situations with nodes in different versions on the same cluster (please always update all your nodes to latest version).

  • Improved logdba tool with new –jsondict function to show information in JSON dictionaries format.

  • Improved minor things in the client and admin web interface.

  • Resolved a problem where session token could last longer than intended expiration timeout (CVE-2020-15074). Thanks to Gert Döring for reporting this.

  • Resolved the situation where older Connect v2 clients would be unable to login when MFA and LDAP were used.

  • Resolved an issue where an activation key could activate on the wrong node in clustering mode.

  • Resolved a problem where multiple LDAP referrals were not working properly.

  • Resolved an error message on the User Permissions page when in layer 2 bridging mode.

  • Resolved a problem with group-to-user and group-to-group access control in the web interface.

  • Resolved a problem where a downloaded CSV file from the Log Report page was missing the error column.

Notice

Release date: Mar 23, 2020

  • Added option to select minimum TLS 1.3 setting when the operating system’s OpenSSL library supports it.

  • Resolved a temporary crash of web services if XML-RPC interface was set to full and attacked in specific way (CVE-2020-11462). Thanks to Suslov Maxim for reporting this.

  • Resolved a bug on the Advanced VPN page where TLS auth and compression could not be turned back on in the Admin UI.

  • Resolved a bug on the Log Reports page where some data would cause the Log Reports page to end the web session.

  • Resolved a bug where secondary LDAP server would not be called if first LDAP server timed out.

  • Resolved an issue with 1024 bits keys on Debian 10 and CentOS 8 by replacing 1024 bits DH key with 2048 bits DH key.

  • Removed UCARP as dependency and bundled own copy so UCARP failover can still work and cloud-init will work normally.

  • Released new Connect Client bundled software package (version 7) that includes new OpenVPN Connect 3.1.3 beta client for Windows.

  • Released new Connect Client bundled software package (version 8) that includes new OpenVPN Connect 2.7.1 client and 3.1.1 beta client for macOS.

  • Released new Connect Client bundled software package (version 9) that includes new OpenVPN Connect 2.7.1 client for Windows.

  • Released new Connect Client bundled software package (version 10) that includes new OpenVPN Connect 2.7.1 client for Windows.

  • Released new Connect Client bundled software package (version 11) that includes new OpenVPN Connect 2.7.1 client for Windows.

Notice

Release date: Feb 26, 2020

  • Resolved a problem with LDAP search queries when spaces were used in object names.

  • Resolved an issue where assigning static IPv6 addresses to VPN clients could fail.

  • Resolved a problem on CentOS 7 and Ubuntu 16 where an upgrade would require a manual start of the Access Server service.

  • Released new Connect Client bundled software package (version 6) that includes new OpenVPN Connect 3.1.2 beta client.

Notice

Release date: Feb 12, 2020

  • Resolved a security flaw in Access Server 2.8.0 when used in combination with an LDAP server for authentication. More details are in our security advisory.

Notice

Release date: Feb 6, 2020

Important changes that may require action to resolve after upgrading an existing system to Access Server 2.8.0:

  • Access Server 2.8.0 has switched to another LDAP library (Python-LDAP to LDAP3), this can affect post_auth scripting.

  • When using LDAP and post-auth scripts, you may find updated post-auth scripts here: post-auth scripting page.

  • Removed almost all bundled libraries and instead switched to using operating system provided libraries.

End-of-support for outdated operating systems:

  • Dropped support for operating systems Ubuntu 14 (32 bits and 64 bits) due to it being end-of-life since April 30, 2019.

  • Dropped support for operating systems Debian 8 (32 bits and 64 bits) due to outdated system libraries.

  • Dropped support for operating systems CentOS 6 and Red Hat 6 (32 bits and 64 bits) due to outdated system libraries.

  • Dropped support for all other operating systems that are 32 bits. Our focus for AS is on 64 bits operating systems.

Bug fixes and improvements:

  • Added support for the CentOS 8 and Red Hat 8 operating systems.

  • Certified Access Server for use on the Amazon Linux 2 operating system (version 2.7.5 and higher).

  • Certified Access Server for use on the Oracle Cloud platform (version 2.7.5 and higher).

  • Added TLS 1.3 support where OpenSSL library in the OS supports TLS 1.3 (centos/redhat8, ubuntu18, debian10) for web services and openvpn daemons.

  • Added SNI capability to LDAP authentication backend connectivity required for certain LDAP providers (enabled by default).

  • Added the ability to force Access Server to use case-sensitive username matching for LDAP and RADIUS.

  • Added support for external IP address detection on Microsoft Azure cloud platform.

  • Added a new version of bundled clients package with latest OpenVPN Connect v2 and v3 software.

  • Removed mbedTLS support in Access Server, since OpenSSL has proven more stable and secure.

  • Improved installation procedure on CentOS so required components are installed along with Access Server.

  • Improved uninstallation procedure on CentOS so system service is correctly removed.

  • Improved security for cluster communication API credentials.

  • Improved tiered licensing support on Amazon AWS to include regions ‘Hong Kong’ and ‘Bahrain’.

  • Improved redacting certain sensitive output to log file while using debug flags or failover mode.

  • Improved speed of cluster admin UI by removing some unnecessary database calls.

  • Improved web service interfaces by solving a number of minor problems.

  • Improved handling of malformed license keys – this can no longer cause a crash.

  • Improved output of command line installation post-install instructions.

  • Improved handling of startup of Access Server when no configuration is present yet.

  • Improved backup process to store multiple upgrade backups in timestamped directories.

  • Resolved a bug with ‘Get Renewal Keys’ button that would result in error messages.

  • Resolved a bug where autologin connections could fail after TLS refresh interval expired.

  • Resolved a bug where RADIUS 2FA challenge/response was erroneously asking for ‘Enter Authenticator Code’.

  • Resolved a bug where the web interface would not show a custom post_auth 2FA challenge if echo was turned off.

  • Resolved a bug with bootstrap user. It is now possible again to start Access Server without any bootstrap user.

  • Resolved the ‘MySQL server has gone away’ problem that occurred when MySQL backend was used.

  • Resolved the bug where Connect v3 was not offered on the client web service when all other offerings were turned off.

  • Resolved the bug where some web browsers could not download the log report from the admin web interface anymore.

  • Resolved a bug in UCARP LAN-based failover mode where some settings would not be copied to failover server.

  • Resolved a bug in the installation procedure by no longer requiring the presence of the libncurses5 library.

  • Resolved a bug with the start/stop server button when Google MFA is switched on.