Return to NEWS CVS log

Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools

ipsec-tools

    1: Version history:
    2: ----------------
    3: 0.8	- 18 March 2011
    4: 	o Fix authentication method ambiguity with kerberos and xauth
    5: 	o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
    6: 	o Local address code rewrite to speed things up
    7: 	o Improved MIPv6 support (Arnaud Ebalard)
    8: 	o ISAKMP SA (phase1) rekeying
    9: 	o Improved scheduler (faster algorithm, support monotonic clock)
   10: 	o Handle RESPONDER-LIFETIME in quick mode
   11: 	o Handle INITIAL-CONTACT in from main mode too
   12: 	o Rewritten event handling framework for admin port
   13: 	o Ability to initiate IPsec SA through admin port
   14: 	o NAT-T Original Address handling (transport mode NAT-T support)
   15: 	o clean NAT-T - PFkey support
   16: 	o support for multiple anonymous remoteconfs
   17: 	o Remove various obsolete configuration options
   18: 	o A lot of other bug fixes, performance improvements and clean ups
   19: 
   20: 0.7.1	- 23 July 2008
   21: 	o Fixes a memory leak when invalid proposal received
   22: 	o Some fixes in DPD
   23: 	o do not set default gss id if xauth is used
   24: 	o fixed hybrid enabled builds
   25: 	o fixed compilation on FreeBSD8
   26: 	o cleanup in network port value manipulation
   27: 	o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
   28: 	  purge_ipsec_spi()
   29: 	o Generates a log if cert validation has been disabled by
   30: 	  configuration
   31: 	o better handling for pfkey socket read errors
   32: 	o Fixes in yacc / bison stuff
   33: 	o new plog() macro (reduced CPU usage when logging is disabled)
   34: 	o Try to work better with huge SPD/SAD
   35: 	o Corrected modecfg option syntax
   36: 
   37: 0.7	- 09 August 2007
   38: 	o Xauth with pre-shared key PSK
   39: 	o Xauth with certificates
   40: 	o SHA2 support
   41: 	o pkcs7 support
   42: 	o system accounting (utmp)
   43: 	o Darwin support
   44: 	o configuration can be reloaded
   45: 	o Support for UNIQUE generated policies
   46: 	o Support for semi anonymous sainfos
   47: 	o Support for ph1id to remoteid matching
   48: 	o Plain RSA authentication
   49: 	o Native LDAP support for Xauth and modecfg
   50: 	o Group membership checks for Xauth and sainfo selection
   51: 	o Camellia cipher support
   52: 	o IKE Fragment force option
   53: 	o Modecfg SplitNet attribute support
   54: 	o Modecfg SplitDNS attribute support ( server side )
   55: 	o Modecfg Default Domain attribute support
   56: 	o Modecfg DNS/WINS server multiple attribute support
   57: 
   58: 0.6	- 27 June 2005
   59: 	o Generated policies are now correctly flushed
   60: 	o NAT-T works with multiple peers behind the NAT (need kernel support)
   61: 	o Xauth can use shadow passwords
   62: 	o TCP-MD5 support
   63: 	o PAM support for Xauth
   64: 	o Privilege separation
   65: 	o ESP fragmentation in tunnel mode can be tunned (NetBSD only)
   66: 	o racoon admin interface is exported (header and library) to 
   67: 	  help building control programs for racoon (think GUI)
   68: 	o Fixed single DES support; single DES users MUST UPGRADE.
   69: 
   70: 0.5	- 10 April 2005
   71: 	o Rewritten buildsystem. Now completely autoconfed, automaked,
   72: 	  libtoolized.
   73: 	o IPsec-tools now compiles on NetBSD and FreeBSD again.
   74: 	o Support for server-side hybrid authentication, with full 
   75: 	  RADIUS supoort. This is interoperable with the Cisco VPN client.
   76: 	o Support for client-side hybrid authentication (Tested only with
   77: 	  a racoon server)
   78: 	o ISAKMP mode config support
   79: 	o IKE fragmentation support
   80: 	o Fixed FWD policy support.
   81: 	o Fixed IPv6 compilation.
   82: 	o Readline is optional, fixed setkey when compiled without readline.
   83: 	o Configurable Root-CA certificate.
   84: 	o Dead Peer Detection (DPD) support.
   85: 
   86: 0.4rc1	- 09 August 2004
   87: 	o Merged support for PlainRSA keys from the 'plainrsa' branch.
   88: 	o Inheritance of 'remote{}' sections.
   89: 	o Support for SPD policy priorities in setkey.
   90: 	o Ciphers are now used through the 'EVP' interface which allows
   91: 	  using hardware crypto accelerators.
   92: 	o Setkey has new option -n (no action).
   93: 	o All source files now have 3-clause BSD license.
   94: 
   95: 0.3	- 14 April 2004
   96: 	o Fixed setkey to handle multiline commands again.
   97: 	o Added command 'exit' to setkey.
   98: 	o Fixed racoon to only Warn if no CRL was found.
   99: 	o Improved testsuite.
  100: 
  101: 0.3rc5	- 05 April 2004
  102: 	o Security bugfix WRT handling X.509 signatures.
  103: 	o Stability fix WRT unknown PF_KEY messages.
  104: 	o Fixed NAT-T with more proposals (e.g. more crypto algos).
  105: 	o Setkey parses lines one by one => doesn't exit on errors.
  106: 	o Setkey supports readline => more user friendly.
  107: 
  108: 0.3rc4	- 25 March 2004
  109: 	o Fixed adding "null" encryption via 'setkey'.
  110: 	o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
  111: 	o Fixed NAT-T in aggresive mode.
  112: 	o Fixed testsuite and added testsuite run into make check.
  113: 
  114: 0.3rc3	- 19 March 2004
  115: 	o Fixed compilation error with --enble-yydebug
  116: 	o Better diagnostic when proposals don't match.
  117: 	o Changed/added options to setkey.
  118: 
  119: 0.3rc2	- 11 March 2004
  120: 	o Added documentation for NAT-T
  121: 	o Better NAT-T diagnostic.
  122: 	o Test and workaround for missing va_copy()
  123: 
  124: 0.3rc1	- 04 March 2004
  125: 	o Support for NAT Traversal (NAT-T)
  126: 
  127: 0.2.4	- 29 January 2004
  128: 	o Sync with KAME as of 2004-01-07
  129: 	o Fixed unauthorized deletion of SA in racoon (again).
  130: 
  131: 0.2.3	- 15 January 2004
  132: 	o Support for SA lifetime specified in bytes
  133: 	  (see setkey -bs/-bh options)
  134: 	o Enhance support for OpenSSL 0.9.7
  135: 	o Let racoon be more verbose
  136: 	o Fixed some simple bugs (see ChangeLog for details)
  137: 	o Fixed unauthorized deletion of SA in racoon
  138: 	o Fixed problems on AMD64
  139: 	o Ignore multicast addresses for IKE
  140: 
  141: 0.2.2	- 13 March 2003
  142: 	o Fix racoon to build on some systems that require linking against -lfl
  143: 	o add an RPM spec to the distribution
  144: 
  145: 0.2.1	- 07 March 2003
  146: 	o Fix some more gcc-3.2.2 compiler warnings
  147: 	o Fix racoon to actually configure with ssl in a non-standard location
  148: 	o Fix racoon to not complain if krb5-config is not installed
  149: 
  150: 0.2	- 06 March 2003
  151: 	o Glibc-2.3 support
  152: 	o OpenSSL-0.9.7 support
  153: 	o Fixed duplicate-macro problems
  154: 	o Fix racoon lex/yacc support
  155: 	o Install psk.txt mode 600, racoon.conf mode 644
  156: 	o Fix racoon to look in the correct directory for config files
  157: 
  158: 0.1	- 03 March 2003
  159: 	o Initial release of IPsec-Tools