(I swear I PM'd you like a month ago, and was getting annoyed I didn't get a response, but I don't see any copy of it in the sent box, so I guess it wasn't sent. *sigh* No idea, not the first forum blackhole I fell into...) Edit: Yea, trying to send you a PM only results in it going to Outbox, not Sent box.
Basically, it's been almost 3 years since you've lasted updated neorouter free for linux. The last version was supposed to fix SSLv3 vulnerabilities, but from the log, its clearly still using it and is a bug. That's really poor QA.(Link removed because your forum spam filtering is garbage). Your FAQ and release notes disagree on the default setting.
Quote:
#Description: Whether disable SSLv3 protocol and use TLS only
#Options: 0-Disabled; 1-Enabled
#Default: 1
DisableSSLv3=1
Quote:
* Added new feature option to disable SSLv3 protocol
Code:
DisableSSLv3=0 (default 0; 0 - enable SSLv3; 1 - disable SSLv3 and to use TLS1/1.1/1.2)
Have you stopped supporting the linux free versions? 2.5+ years is ancient in security/vpn times, especially when you're using components with publicized bugs and exploits. In fact, its highly suspicious you're not updating it with highly publicized exploits. I've given up on collecting and reporting bugs due to the lack of love.
With the new features (ssl certs and Remote access changes) you're adding to the other clients, its getting more and more incompatible with the older linux server and clients. Or just update the 1.1.14 FAQ to say something like, "Neorouter free servers on linux does not support SSL certs and therefore remote access either for Android and iOS devices".
The forums don't have much activity and so I don't know if things are winding down for development, but it would be good to get an official answer on whether the server development has seized. I can understand how a Free product isn't going to pay the bills. Usually the model is the free versions are the beta testers, the paid customers get the stable versions to ease on paid support people and screw ups. But I think you're at the point where you're just adding the features right to the paid versions and killing off the free versions.
I'd appreciate knowing whether free version has been end of life'd and that the bugs will not be fixed.
Best regards