From 88ea599de1af62f57dfdca2b6acffc94eb29d160 Mon Sep 17 00:00:00 2001 From: Daniel Lenski Date: Sat, 27 Jul 2024 17:38:01 -0700 Subject: [PATCH] Update changelog This also addresses the closely-related issue described in https://gitlab.com/openconnect/openconnect/-/merge_requests/500, where OpenConnect would prefer a GP server's IPv6 magic ping adress over its Legacy IP magic ping address, even if `--disable-ipv6` is specified: > Previous logic always preferred the ipv6 gateway address and magic for ESP > even if ipv6 was explicitly disabled. A VPN I use currently will only > negotiate an ESP connection over ipv4 despite advertising a v6 gateway. This similarly results in non-functional ESP: > The result was that with ipv6 enabled, ESP pings were sent but would not > renegotiate, with it disabled openconnect would erroneously report that > the response did not contain a matching gateway and keys. Signed-off-by: Daniel Lenski --- www/changelog.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/www/changelog.xml b/www/changelog.xml index ffc192e1..04b088f2 100644 --- a/www/changelog.xml +++ b/www/changelog.xml @@ -32,7 +32,8 @@
  • Sort GlobalProtect gateways according to portal's regionalized priority list (#663, !495).
  • openconnect_disable_dtls() allows to disable DTLS unless it is already connected (#697)
  • Enable DTLSv1.0 to continue working with OpenSSL v3.1.0 and newer (!504, !536).
    • -
  • Fix bug that caused OpenConnect to incorrectly log the remaining time until a re-key or periodic Trojan incorrect (#677, !539)
    • +
  • Fix bug that caused OpenConnect to incorrectly log the remaining time until a re-key or periodic Trojan (#677, !539)
    • +
  • Fix bug that prevented GlobalProtect ESP from working correctly when the server sends both Legacy IP and IPv6 versions of the ESP "magic ping" address, but no IPv6 client address (!565)

  • OpenConnect v9.12 -- 2.50.1