Annotation of embedaddon/ipsec-tools/NEWS, revision 1.1.1.1
1.1 misho 1: Version history:
2: ----------------
3: 0.8 - 18 March 2011
4: o Fix authentication method ambiguity with kerberos and xauth
5: o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
6: o Local address code rewrite to speed things up
7: o Improved MIPv6 support (Arnaud Ebalard)
8: o ISAKMP SA (phase1) rekeying
9: o Improved scheduler (faster algorithm, support monotonic clock)
10: o Handle RESPONDER-LIFETIME in quick mode
11: o Handle INITIAL-CONTACT in from main mode too
12: o Rewritten event handling framework for admin port
13: o Ability to initiate IPsec SA through admin port
14: o NAT-T Original Address handling (transport mode NAT-T support)
15: o clean NAT-T - PFkey support
16: o support for multiple anonymous remoteconfs
17: o Remove various obsolete configuration options
18: o A lot of other bug fixes, performance improvements and clean ups
19:
20: 0.7.1 - 23 July 2008
21: o Fixes a memory leak when invalid proposal received
22: o Some fixes in DPD
23: o do not set default gss id if xauth is used
24: o fixed hybrid enabled builds
25: o fixed compilation on FreeBSD8
26: o cleanup in network port value manipulation
27: o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
28: purge_ipsec_spi()
29: o Generates a log if cert validation has been disabled by
30: configuration
31: o better handling for pfkey socket read errors
32: o Fixes in yacc / bison stuff
33: o new plog() macro (reduced CPU usage when logging is disabled)
34: o Try to work better with huge SPD/SAD
35: o Corrected modecfg option syntax
36:
37: 0.7 - 09 August 2007
38: o Xauth with pre-shared key PSK
39: o Xauth with certificates
40: o SHA2 support
41: o pkcs7 support
42: o system accounting (utmp)
43: o Darwin support
44: o configuration can be reloaded
45: o Support for UNIQUE generated policies
46: o Support for semi anonymous sainfos
47: o Support for ph1id to remoteid matching
48: o Plain RSA authentication
49: o Native LDAP support for Xauth and modecfg
50: o Group membership checks for Xauth and sainfo selection
51: o Camellia cipher support
52: o IKE Fragment force option
53: o Modecfg SplitNet attribute support
54: o Modecfg SplitDNS attribute support ( server side )
55: o Modecfg Default Domain attribute support
56: o Modecfg DNS/WINS server multiple attribute support
57:
58: 0.6 - 27 June 2005
59: o Generated policies are now correctly flushed
60: o NAT-T works with multiple peers behind the NAT (need kernel support)
61: o Xauth can use shadow passwords
62: o TCP-MD5 support
63: o PAM support for Xauth
64: o Privilege separation
65: o ESP fragmentation in tunnel mode can be tunned (NetBSD only)
66: o racoon admin interface is exported (header and library) to
67: help building control programs for racoon (think GUI)
68: o Fixed single DES support; single DES users MUST UPGRADE.
69:
70: 0.5 - 10 April 2005
71: o Rewritten buildsystem. Now completely autoconfed, automaked,
72: libtoolized.
73: o IPsec-tools now compiles on NetBSD and FreeBSD again.
74: o Support for server-side hybrid authentication, with full
75: RADIUS supoort. This is interoperable with the Cisco VPN client.
76: o Support for client-side hybrid authentication (Tested only with
77: a racoon server)
78: o ISAKMP mode config support
79: o IKE fragmentation support
80: o Fixed FWD policy support.
81: o Fixed IPv6 compilation.
82: o Readline is optional, fixed setkey when compiled without readline.
83: o Configurable Root-CA certificate.
84: o Dead Peer Detection (DPD) support.
85:
86: 0.4rc1 - 09 August 2004
87: o Merged support for PlainRSA keys from the 'plainrsa' branch.
88: o Inheritance of 'remote{}' sections.
89: o Support for SPD policy priorities in setkey.
90: o Ciphers are now used through the 'EVP' interface which allows
91: using hardware crypto accelerators.
92: o Setkey has new option -n (no action).
93: o All source files now have 3-clause BSD license.
94:
95: 0.3 - 14 April 2004
96: o Fixed setkey to handle multiline commands again.
97: o Added command 'exit' to setkey.
98: o Fixed racoon to only Warn if no CRL was found.
99: o Improved testsuite.
100:
101: 0.3rc5 - 05 April 2004
102: o Security bugfix WRT handling X.509 signatures.
103: o Stability fix WRT unknown PF_KEY messages.
104: o Fixed NAT-T with more proposals (e.g. more crypto algos).
105: o Setkey parses lines one by one => doesn't exit on errors.
106: o Setkey supports readline => more user friendly.
107:
108: 0.3rc4 - 25 March 2004
109: o Fixed adding "null" encryption via 'setkey'.
110: o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
111: o Fixed NAT-T in aggresive mode.
112: o Fixed testsuite and added testsuite run into make check.
113:
114: 0.3rc3 - 19 March 2004
115: o Fixed compilation error with --enble-yydebug
116: o Better diagnostic when proposals don't match.
117: o Changed/added options to setkey.
118:
119: 0.3rc2 - 11 March 2004
120: o Added documentation for NAT-T
121: o Better NAT-T diagnostic.
122: o Test and workaround for missing va_copy()
123:
124: 0.3rc1 - 04 March 2004
125: o Support for NAT Traversal (NAT-T)
126:
127: 0.2.4 - 29 January 2004
128: o Sync with KAME as of 2004-01-07
129: o Fixed unauthorized deletion of SA in racoon (again).
130:
131: 0.2.3 - 15 January 2004
132: o Support for SA lifetime specified in bytes
133: (see setkey -bs/-bh options)
134: o Enhance support for OpenSSL 0.9.7
135: o Let racoon be more verbose
136: o Fixed some simple bugs (see ChangeLog for details)
137: o Fixed unauthorized deletion of SA in racoon
138: o Fixed problems on AMD64
139: o Ignore multicast addresses for IKE
140:
141: 0.2.2 - 13 March 2003
142: o Fix racoon to build on some systems that require linking against -lfl
143: o add an RPM spec to the distribution
144:
145: 0.2.1 - 07 March 2003
146: o Fix some more gcc-3.2.2 compiler warnings
147: o Fix racoon to actually configure with ssl in a non-standard location
148: o Fix racoon to not complain if krb5-config is not installed
149:
150: 0.2 - 06 March 2003
151: o Glibc-2.3 support
152: o OpenSSL-0.9.7 support
153: o Fixed duplicate-macro problems
154: o Fix racoon lex/yacc support
155: o Install psk.txt mode 600, racoon.conf mode 644
156: o Fix racoon to look in the correct directory for config files
157:
158: 0.1 - 03 March 2003
159: o Initial release of IPsec-Tools
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to NEWS CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools