NEWS revision 1.4.6.1
1 1.1 manu Version history: 2 1.1 manu ---------------- 3 1.4.6.1 vanhu 0.8 - 18 March 2011 4 1.4 tteras o Fix authentication method ambiguity with kerberos and xauth 5 1.4 tteras o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman) 6 1.4 tteras o Local address code rewrite to speed things up 7 1.4 tteras o Improved MIPv6 support (Arnaud Ebalard) 8 1.4 tteras o ISAKMP SA (phase1) rekeying 9 1.4 tteras o Improved scheduler (faster algorithm, support monotonic clock) 10 1.4 tteras o Handle RESPONDER-LIFETIME in quick mode 11 1.4 tteras o Handle INITIAL-CONTACT in from main mode too 12 1.4 tteras o Rewritten event handling framework for admin port 13 1.4 tteras o Ability to initiate IPsec SA through admin port 14 1.4 tteras o NAT-T Original Address handling (transport mode NAT-T support) 15 1.4.6.1 vanhu o clean NAT-T - PFkey support 16 1.4.6.1 vanhu o support for multiple anonymous remoteconfs 17 1.4 tteras o Remove various obsolete configuration options 18 1.4 tteras o A lot of other bug fixes, performance improvements and clean ups 19 1.4 tteras 20 1.4 tteras 0.7.1 - 23 July 2008 21 1.4 tteras o Fixes a memory leak when invalid proposal received 22 1.4 tteras o Some fixes in DPD 23 1.4 tteras o do not set default gss id if xauth is used 24 1.4 tteras o fixed hybrid enabled builds 25 1.4 tteras o fixed compilation on FreeBSD8 26 1.4 tteras o cleanup in network port value manipulation 27 1.4 tteras o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in 28 1.4 tteras purge_ipsec_spi() 29 1.4 tteras o Generates a log if cert validation has been disabled by 30 1.4 tteras configuration 31 1.4 tteras o better handling for pfkey socket read errors 32 1.4 tteras o Fixes in yacc / bison stuff 33 1.4 tteras o new plog() macro (reduced CPU usage when logging is disabled) 34 1.4 tteras o Try to work better with huge SPD/SAD 35 1.4 tteras o Corrected modecfg option syntax 36 1.4 tteras 37 1.4 tteras 0.7 - 09 August 2007 38 1.2 mgrooms o Xauth with pre-shared key PSK 39 1.2 mgrooms o Xauth with certificates 40 1.2 mgrooms o SHA2 support 41 1.2 mgrooms o pkcs7 support 42 1.2 mgrooms o system accounting (utmp) 43 1.2 mgrooms o Darwin support 44 1.2 mgrooms o configuration can be reloaded 45 1.2 mgrooms o Support for UNIQUE generated policies 46 1.2 mgrooms o Support for semi anonymous sainfos 47 1.2 mgrooms o Support for ph1id to remoteid matching 48 1.2 mgrooms o Plain RSA authentication 49 1.2 mgrooms o Native LDAP support for Xauth and modecfg 50 1.2 mgrooms o Group membership checks for Xauth and sainfo selection 51 1.2 mgrooms o Camellia cipher support 52 1.2 mgrooms o IKE Fragment force option 53 1.2 mgrooms o Modecfg SplitNet attribute support 54 1.2 mgrooms o Modecfg SplitDNS attribute support ( server side ) 55 1.2 mgrooms o Modecfg Default Domain attribute support 56 1.2 mgrooms o Modecfg DNS/WINS server multiple attribute support 57 1.2 mgrooms 58 1.2 mgrooms 0.6 - 27 June 2005 59 1.2 mgrooms o Generated policies are now correctly flushed 60 1.2 mgrooms o NAT-T works with multiple peers behind the NAT (need kernel support) 61 1.2 mgrooms o Xauth can use shadow passwords 62 1.2 mgrooms o TCP-MD5 support 63 1.1 manu o PAM support for Xauth 64 1.1 manu o Privilege separation 65 1.1 manu o ESP fragmentation in tunnel mode can be tunned (NetBSD only) 66 1.1 manu o racoon admin interface is exported (header and library) to 67 1.1 manu help building control programs for racoon (think GUI) 68 1.4 tteras o Fixed single DES support; single DES users MUST UPGRADE. 69 1.1 manu 70 1.2 mgrooms 0.5 - 10 April 2005 71 1.1 manu o Rewritten buildsystem. Now completely autoconfed, automaked, 72 1.1 manu libtoolized. 73 1.1 manu o IPsec-tools now compiles on NetBSD and FreeBSD again. 74 1.1 manu o Support for server-side hybrid authentication, with full 75 1.1 manu RADIUS supoort. This is interoperable with the Cisco VPN client. 76 1.1 manu o Support for client-side hybrid authentication (Tested only with 77 1.1 manu a racoon server) 78 1.1 manu o ISAKMP mode config support 79 1.1 manu o IKE fragmentation support 80 1.1 manu o Fixed FWD policy support. 81 1.1 manu o Fixed IPv6 compilation. 82 1.1 manu o Readline is optional, fixed setkey when compiled without readline. 83 1.1 manu o Configurable Root-CA certificate. 84 1.1 manu o Dead Peer Detection (DPD) support. 85 1.1 manu 86 1.1 manu 0.4rc1 - 09 August 2004 87 1.1 manu o Merged support for PlainRSA keys from the 'plainrsa' branch. 88 1.1 manu o Inheritance of 'remote{}' sections. 89 1.1 manu o Support for SPD policy priorities in setkey. 90 1.1 manu o Ciphers are now used through the 'EVP' interface which allows 91 1.1 manu using hardware crypto accelerators. 92 1.1 manu o Setkey has new option -n (no action). 93 1.1 manu o All source files now have 3-clause BSD license. 94 1.1 manu 95 1.1 manu 0.3 - 14 April 2004 96 1.4 tteras o Fixed setkey to handle multiline commands again. 97 1.1 manu o Added command 'exit' to setkey. 98 1.1 manu o Fixed racoon to only Warn if no CRL was found. 99 1.1 manu o Improved testsuite. 100 1.1 manu 101 1.1 manu 0.3rc5 - 05 April 2004 102 1.1 manu o Security bugfix WRT handling X.509 signatures. 103 1.1 manu o Stability fix WRT unknown PF_KEY messages. 104 1.1 manu o Fixed NAT-T with more proposals (e.g. more crypto algos). 105 1.1 manu o Setkey parses lines one by one => doesn't exit on errors. 106 1.1 manu o Setkey supports readline => more user friendly. 107 1.1 manu 108 1.1 manu 0.3rc4 - 25 March 2004 109 1.1 manu o Fixed adding "null" encryption via 'setkey'. 110 1.1 manu o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7 111 1.1 manu o Fixed NAT-T in aggresive mode. 112 1.1 manu o Fixed testsuite and added testsuite run into make check. 113 1.1 manu 114 1.1 manu 0.3rc3 - 19 March 2004 115 1.1 manu o Fixed compilation error with --enble-yydebug 116 1.1 manu o Better diagnostic when proposals don't match. 117 1.1 manu o Changed/added options to setkey. 118 1.1 manu 119 1.1 manu 0.3rc2 - 11 March 2004 120 1.1 manu o Added documentation for NAT-T 121 1.1 manu o Better NAT-T diagnostic. 122 1.1 manu o Test and workaround for missing va_copy() 123 1.1 manu 124 1.1 manu 0.3rc1 - 04 March 2004 125 1.1 manu o Support for NAT Traversal (NAT-T) 126 1.1 manu 127 1.1 manu 0.2.4 - 29 January 2004 128 1.1 manu o Sync with KAME as of 2004-01-07 129 1.1 manu o Fixed unauthorized deletion of SA in racoon (again). 130 1.1 manu 131 1.1 manu 0.2.3 - 15 January 2004 132 1.1 manu o Support for SA lifetime specified in bytes 133 1.1 manu (see setkey -bs/-bh options) 134 1.1 manu o Enhance support for OpenSSL 0.9.7 135 1.1 manu o Let racoon be more verbose 136 1.1 manu o Fixed some simple bugs (see ChangeLog for details) 137 1.1 manu o Fixed unauthorized deletion of SA in racoon 138 1.1 manu o Fixed problems on AMD64 139 1.1 manu o Ignore multicast addresses for IKE 140 1.1 manu 141 1.1 manu 0.2.2 - 13 March 2003 142 1.1 manu o Fix racoon to build on some systems that require linking against -lfl 143 1.1 manu o add an RPM spec to the distribution 144 1.1 manu 145 1.1 manu 0.2.1 - 07 March 2003 146 1.1 manu o Fix some more gcc-3.2.2 compiler warnings 147 1.1 manu o Fix racoon to actually configure with ssl in a non-standard location 148 1.1 manu o Fix racoon to not complain if krb5-config is not installed 149 1.1 manu 150 1.1 manu 0.2 - 06 March 2003 151 1.1 manu o Glibc-2.3 support 152 1.1 manu o OpenSSL-0.9.7 support 153 1.1 manu o Fixed duplicate-macro problems 154 1.1 manu o Fix racoon lex/yacc support 155 1.1 manu o Install psk.txt mode 600, racoon.conf mode 644 156 1.1 manu o Fix racoon to look in the correct directory for config files 157 1.1 manu 158 1.1 manu 0.1 - 03 March 2003 159 1.1 manu o Initial release of IPsec-Tools 160
Indexes created Thu Apr 23 00:23:13 UTC 2026