Home | History | Annotate | Download | only in ipsec-tools
      1 Version history:
      2 ----------------
      3 0.8	- 18 March 2011
      4 	o Fix authentication method ambiguity with kerberos and xauth
      5 	o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
      6 	o Local address code rewrite to speed things up
      7 	o Improved MIPv6 support (Arnaud Ebalard)
      8 	o ISAKMP SA (phase1) rekeying
      9 	o Improved scheduler (faster algorithm, support monotonic clock)
     10 	o Handle RESPONDER-LIFETIME in quick mode
     11 	o Handle INITIAL-CONTACT in from main mode too
     12 	o Rewritten event handling framework for admin port
     13 	o Ability to initiate IPsec SA through admin port
     14 	o NAT-T Original Address handling (transport mode NAT-T support)
     15 	o clean NAT-T - PFkey support
     16 	o support for multiple anonymous remoteconfs
     17 	o Remove various obsolete configuration options
     18 	o A lot of other bug fixes, performance improvements and clean ups
     19 
     20 0.7.1	- 23 July 2008
     21 	o Fixes a memory leak when invalid proposal received
     22 	o Some fixes in DPD
     23 	o do not set default gss id if xauth is used
     24 	o fixed hybrid enabled builds
     25 	o fixed compilation on FreeBSD8
     26 	o cleanup in network port value manipulation
     27 	o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
     28 	  purge_ipsec_spi()
     29 	o Generates a log if cert validation has been disabled by
     30 	  configuration
     31 	o better handling for pfkey socket read errors
     32 	o Fixes in yacc / bison stuff
     33 	o new plog() macro (reduced CPU usage when logging is disabled)
     34 	o Try to work better with huge SPD/SAD
     35 	o Corrected modecfg option syntax
     36 
     37 0.7	- 09 August 2007
     38 	o Xauth with pre-shared key PSK
     39 	o Xauth with certificates
     40 	o SHA2 support
     41 	o pkcs7 support
     42 	o system accounting (utmp)
     43 	o Darwin support
     44 	o configuration can be reloaded
     45 	o Support for UNIQUE generated policies
     46 	o Support for semi anonymous sainfos
     47 	o Support for ph1id to remoteid matching
     48 	o Plain RSA authentication
     49 	o Native LDAP support for Xauth and modecfg
     50 	o Group membership checks for Xauth and sainfo selection
     51 	o Camellia cipher support
     52 	o IKE Fragment force option
     53 	o Modecfg SplitNet attribute support
     54 	o Modecfg SplitDNS attribute support ( server side )
     55 	o Modecfg Default Domain attribute support
     56 	o Modecfg DNS/WINS server multiple attribute support
     57 
     58 0.6	- 27 June 2005
     59 	o Generated policies are now correctly flushed
     60 	o NAT-T works with multiple peers behind the NAT (need kernel support)
     61 	o Xauth can use shadow passwords
     62 	o TCP-MD5 support
     63 	o PAM support for Xauth
     64 	o Privilege separation
     65 	o ESP fragmentation in tunnel mode can be tunned (NetBSD only)
     66 	o racoon admin interface is exported (header and library) to 
     67 	  help building control programs for racoon (think GUI)
     68 	o Fixed single DES support; single DES users MUST UPGRADE.
     69 
     70 0.5	- 10 April 2005
     71 	o Rewritten buildsystem. Now completely autoconfed, automaked,
     72 	  libtoolized.
     73 	o IPsec-tools now compiles on NetBSD and FreeBSD again.
     74 	o Support for server-side hybrid authentication, with full 
     75 	  RADIUS supoort. This is interoperable with the Cisco VPN client.
     76 	o Support for client-side hybrid authentication (Tested only with
     77 	  a racoon server)
     78 	o ISAKMP mode config support
     79 	o IKE fragmentation support
     80 	o Fixed FWD policy support.
     81 	o Fixed IPv6 compilation.
     82 	o Readline is optional, fixed setkey when compiled without readline.
     83 	o Configurable Root-CA certificate.
     84 	o Dead Peer Detection (DPD) support.
     85 
     86 0.4rc1	- 09 August 2004
     87 	o Merged support for PlainRSA keys from the 'plainrsa' branch.
     88 	o Inheritance of 'remote{}' sections.
     89 	o Support for SPD policy priorities in setkey.
     90 	o Ciphers are now used through the 'EVP' interface which allows
     91 	  using hardware crypto accelerators.
     92 	o Setkey has new option -n (no action).
     93 	o All source files now have 3-clause BSD license.
     94 
     95 0.3	- 14 April 2004
     96 	o Fixed setkey to handle multiline commands again.
     97 	o Added command 'exit' to setkey.
     98 	o Fixed racoon to only Warn if no CRL was found.
     99 	o Improved testsuite.
    100 
    101 0.3rc5	- 05 April 2004
    102 	o Security bugfix WRT handling X.509 signatures.
    103 	o Stability fix WRT unknown PF_KEY messages.
    104 	o Fixed NAT-T with more proposals (e.g. more crypto algos).
    105 	o Setkey parses lines one by one => doesn't exit on errors.
    106 	o Setkey supports readline => more user friendly.
    107 
    108 0.3rc4	- 25 March 2004
    109 	o Fixed adding "null" encryption via 'setkey'.
    110 	o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
    111 	o Fixed NAT-T in aggresive mode.
    112 	o Fixed testsuite and added testsuite run into make check.
    113 
    114 0.3rc3	- 19 March 2004
    115 	o Fixed compilation error with --enble-yydebug
    116 	o Better diagnostic when proposals don't match.
    117 	o Changed/added options to setkey.
    118 
    119 0.3rc2	- 11 March 2004
    120 	o Added documentation for NAT-T
    121 	o Better NAT-T diagnostic.
    122 	o Test and workaround for missing va_copy()
    123 
    124 0.3rc1	- 04 March 2004
    125 	o Support for NAT Traversal (NAT-T)
    126 
    127 0.2.4	- 29 January 2004
    128 	o Sync with KAME as of 2004-01-07
    129 	o Fixed unauthorized deletion of SA in racoon (again).
    130 
    131 0.2.3	- 15 January 2004
    132 	o Support for SA lifetime specified in bytes
    133 	  (see setkey -bs/-bh options)
    134 	o Enhance support for OpenSSL 0.9.7
    135 	o Let racoon be more verbose
    136 	o Fixed some simple bugs (see ChangeLog for details)
    137 	o Fixed unauthorized deletion of SA in racoon
    138 	o Fixed problems on AMD64
    139 	o Ignore multicast addresses for IKE
    140 
    141 0.2.2	- 13 March 2003
    142 	o Fix racoon to build on some systems that require linking against -lfl
    143 	o add an RPM spec to the distribution
    144 
    145 0.2.1	- 07 March 2003
    146 	o Fix some more gcc-3.2.2 compiler warnings
    147 	o Fix racoon to actually configure with ssl in a non-standard location
    148 	o Fix racoon to not complain if krb5-config is not installed
    149 
    150 0.2	- 06 March 2003
    151 	o Glibc-2.3 support
    152 	o OpenSSL-0.9.7 support
    153 	o Fixed duplicate-macro problems
    154 	o Fix racoon lex/yacc support
    155 	o Install psk.txt mode 600, racoon.conf mode 644
    156 	o Fix racoon to look in the correct directory for config files
    157 
    158 0.1	- 03 March 2003
    159 	o Initial release of IPsec-Tools
    160