Version history:
----------------
0.8.2 - 27 February 2014
  o Fix admin port establish-sa for tunnel mode SAs (Alexander Sbitnev)
  o Fix source port selection regression from version 0.8.1
  o Various logging improvements
  o Additional compliance and build fixes

0.8.1 - 08 January 2013
  o Improved X.509 subject name comparison (Götz Babin-Ebell)
  o Relax DPD cookie check for Cisco IOS compatibility (Roman Antink)
  o Allow simplified syntax for inherited remote blocks (Roman Antink)
  o Never shrink pfkey socket buffer (Marcelo Leitner)
  o Privilege separation child process exit fix
  o Multiple memory allocation and use-after-free fixes

0.8 - 18 March 2011
  o Fix authentication method ambiguity with kerberos and xauth
  o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
  o Local address code rewrite to speed things up
  o Improved MIPv6 support (Arnaud Ebalard)
  o ISAKMP SA (phase1) rekeying
  o Improved scheduler (faster algorithm, support monotonic clock)
  o Handle RESPONDER-LIFETIME in quick mode
  o Handle INITIAL-CONTACT in main mode too
  o Rewritten event handling framework for admin port
  o Ability to initiate IPsec SA through admin port
  o NAT-T Original Address handling (transport mode NAT-T support)
  o clean NAT-T - PFkey support
  o support for multiple anonymous remoteconfs
  o Remove various obsolete configuration options
  o A lot of other bug fixes, performance improvements and clean ups

0.7.1 - 23 July 2008
  o Fixes a memory leak when invalid proposal received
  o Some fixes in DPD
  o do not set default gss id if xauth is used
  o fixed hybrid enabled builds
  o fixed compilation on FreeBSD8
  o cleanup in network port value manipulation
  o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_spi()
  o Generates a log if cert validation has been disabled by configuration
  o better handling for pfkey socket read errors
  o Fixes in yacc / bison stuff
  o new plog() macro (reduced CPU usage when logging is disabled)
  o Try to work better with huge SPD/SAD
  o Corrected modecfg option syntax

0.7 - 09 August 2007
  o Xauth with pre-shared key PSK
  o Xauth with certificates
  o SHA2 support
  o pkcs7 support
  o system accounting (utmp)
  o Darwin support
  o configuration can be reloaded
  o Support for UNIQUE generated policies
  o Support for semi anonymous sainfos
  o Support for ph1id to remoteid matching
  o Plain RSA authentication
  o Native LDAP support for Xauth and modecfg
  o Group membership checks for Xauth and sainfo selection
  o Camellia cipher support
  o IKE Fragment force option
  o Modecfg SplitNet attribute support
  o Modecfg SplitDNS attribute support (server side)
  o Modecfg Default Domain attribute support
  o Modecfg DNS/WINS server multiple attribute support

0.6 - 27 June 2005
  o Generated policies are now correctly flushed
  o NAT-T works with multiple peers behind the NAT (need kernel support)
  o Xauth can use shadow passwords
  o TCP-MD5 support
  o PAM support for Xauth
  o Privilege separation
  o ESP fragmentation in tunnel mode can be tuned (NetBSD only)
  o racoon admin interface is exported (header and library) to help building control programs for racoon (think GUI)
  o Fixed single DES support; single DES users MUST UPGRADE.

0.5 - 10 April 2005
  o Rewritten buildsystem. Now completely autoconfed, automaked, libtoolized.
  o IPsec-tools now compiles on NetBSD and FreeBSD again.
  o Support for server-side hybrid authentication, with full RADIUS support. This is interoperable with the Cisco VPN client.
  o Support for client-side hybrid authentication (Tested only with a racoon server)
  o ISAKMP mode config support
  o IKE fragmentation support
  o Fixed FWD policy support.
  o Fixed IPv6 compilation.
  o Readline is optional, fixed setkey when compiled without readline.
  o Configurable Root-CA certificate.
  o Dead Peer Detection (DPD) support.

0.4rc1 - 09 August 2004
  o Merged support for PlainRSA keys from the 'plainrsa' branch.
  o Inheritance of 'remote{}' sections.
  o Support for SPD policy priorities in setkey.
  o Ciphers are now used through the 'EVP' interface which allows using hardware crypto accelerators.
  o Setkey has new option -n (no action).
  o All source files now have 3-clause BSD license.

0.3 - 14 April 2004
  o Fixed setkey to handle multiline commands again.
  o Added command 'exit' to setkey.
  o Fixed racoon to only Warn if no CRL was found.
  o Improved testsuite.

0.3rc5 - 05 April 2004
  o Security bugfix WRT handling X.509 signatures.
  o Stability fix WRT unknown PF_KEY messages.
  o Fixed NAT-T with more proposals (e.g. more crypto algos).
  o Setkey parses lines one by one => doesn't exit on errors.
  o Setkey supports readline => more user friendly.

0.3rc4 - 25 March 2004
  o Fixed adding "null" encryption via 'setkey'.
  o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
  o Fixed NAT-T in aggressive mode.
  o Fixed testsuite and added testsuite run into make check.

0.3rc3 - 19 March 2004
  o Fixed compilation error with --enable-yydebug
  o Better diagnostic when proposals don't match.
  o Changed/added options to setkey.

0.3rc2 - 11 March 2004
  o Added documentation for NAT-T
  o Better NAT-T diagnostic.
  o Test and workaround for missing va_copy()

0.3rc1 - 04 March 2004
  o Support for NAT Traversal (NAT-T)

0.2.4 - 29 January 2004
  o Sync with KAME as of 2004-01-07
  o Fixed unauthorized deletion of SA in racoon (again).

0.2.3 - 15 January 2004
  o Support for SA lifetime specified in bytes (see setkey -bs/-bh options)
  o Enhance support for OpenSSL 0.9.7
  o Let racoon be more verbose
  o Fixed some simple bugs (see ChangeLog for details)
  o Fixed unauthorized deletion of SA in racoon
  o Fixed problems on AMD64
  o Ignore multicast addresses for IKE

0.2.2 - 13 March 2003
  o Fix racoon to build on some systems that require linking against -lfl
  o add an RPM spec to the distribution

0.2.1 - 07 March 2003
  o Fix some more gcc-3.2.2 compiler warnings
  o Fix racoon to actually configure with ssl in a non-standard location
  o Fix racoon to not complain if krb5-config is not installed

0.2 - 06 March 2003
  o Glibc-2.3 support
  o OpenSSL-0.9.7 support
  o Fixed duplicate-macro problems
  o Fix racoon lex/yacc support
  o Install psk.txt mode 600, racoon.conf mode 644
  o Fix racoon to look in the correct directory for config files

0.1 - 03 March 2003
  o Initial release of IPsec-Tools