1 Version history: 2 ---------------- 3 0.8 - 18 March 2011 4 o Fix authentication method ambiguity with kerberos and xauth 5 o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman) 6 o Local address code rewrite to speed things up 7 o Improved MIPv6 support (Arnaud Ebalard) 8 o ISAKMP SA (phase1) rekeying 9 o Improved scheduler (faster algorithm, support monotonic clock) 10 o Handle RESPONDER-LIFETIME in quick mode 11 o Handle INITIAL-CONTACT in from main mode too 12 o Rewritten event handling framework for admin port 13 o Ability to initiate IPsec SA through admin port 14 o NAT-T Original Address handling (transport mode NAT-T support) 15 o clean NAT-T - PFkey support 16 o support for multiple anonymous remoteconfs 17 o Remove various obsolete configuration options 18 o A lot of other bug fixes, performance improvements and clean ups 19 20 0.7.1 - 23 July 2008 21 o Fixes a memory leak when invalid proposal received 22 o Some fixes in DPD 23 o do not set default gss id if xauth is used 24 o fixed hybrid enabled builds 25 o fixed compilation on FreeBSD8 26 o cleanup in network port value manipulation 27 o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in 28 purge_ipsec_spi() 29 o Generates a log if cert validation has been disabled by 30 configuration 31 o better handling for pfkey socket read errors 32 o Fixes in yacc / bison stuff 33 o new plog() macro (reduced CPU usage when logging is disabled) 34 o Try to work better with huge SPD/SAD 35 o Corrected modecfg option syntax 36 37 0.7 - 09 August 2007 38 o Xauth with pre-shared key PSK 39 o Xauth with certificates 40 o SHA2 support 41 o pkcs7 support 42 o system accounting (utmp) 43 o Darwin support 44 o configuration can be reloaded 45 o Support for UNIQUE generated policies 46 o Support for semi anonymous sainfos 47 o Support for ph1id to remoteid matching 48 o Plain RSA authentication 49 o Native LDAP support for Xauth and modecfg 50 o Group membership checks for Xauth and sainfo selection 51 o Camellia cipher support 52 o IKE Fragment force option 53 o Modecfg SplitNet attribute support 54 o Modecfg SplitDNS attribute support ( server side ) 55 o Modecfg Default Domain attribute support 56 o Modecfg DNS/WINS server multiple attribute support 57 58 0.6 - 27 June 2005 59 o Generated policies are now correctly flushed 60 o NAT-T works with multiple peers behind the NAT (need kernel support) 61 o Xauth can use shadow passwords 62 o TCP-MD5 support 63 o PAM support for Xauth 64 o Privilege separation 65 o ESP fragmentation in tunnel mode can be tunned (NetBSD only) 66 o racoon admin interface is exported (header and library) to 67 help building control programs for racoon (think GUI) 68 o Fixed single DES support; single DES users MUST UPGRADE. 69 70 0.5 - 10 April 2005 71 o Rewritten buildsystem. Now completely autoconfed, automaked, 72 libtoolized. 73 o IPsec-tools now compiles on NetBSD and FreeBSD again. 74 o Support for server-side hybrid authentication, with full 75 RADIUS supoort. This is interoperable with the Cisco VPN client. 76 o Support for client-side hybrid authentication (Tested only with 77 a racoon server) 78 o ISAKMP mode config support 79 o IKE fragmentation support 80 o Fixed FWD policy support. 81 o Fixed IPv6 compilation. 82 o Readline is optional, fixed setkey when compiled without readline. 83 o Configurable Root-CA certificate. 84 o Dead Peer Detection (DPD) support. 85 86 0.4rc1 - 09 August 2004 87 o Merged support for PlainRSA keys from the 'plainrsa' branch. 88 o Inheritance of 'remote{}' sections. 89 o Support for SPD policy priorities in setkey. 90 o Ciphers are now used through the 'EVP' interface which allows 91 using hardware crypto accelerators. 92 o Setkey has new option -n (no action). 93 o All source files now have 3-clause BSD license. 94 95 0.3 - 14 April 2004 96 o Fixed setkey to handle multiline commands again. 97 o Added command 'exit' to setkey. 98 o Fixed racoon to only Warn if no CRL was found. 99 o Improved testsuite. 100 101 0.3rc5 - 05 April 2004 102 o Security bugfix WRT handling X.509 signatures. 103 o Stability fix WRT unknown PF_KEY messages. 104 o Fixed NAT-T with more proposals (e.g. more crypto algos). 105 o Setkey parses lines one by one => doesn't exit on errors. 106 o Setkey supports readline => more user friendly. 107 108 0.3rc4 - 25 March 2004 109 o Fixed adding "null" encryption via 'setkey'. 110 o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7 111 o Fixed NAT-T in aggresive mode. 112 o Fixed testsuite and added testsuite run into make check. 113 114 0.3rc3 - 19 March 2004 115 o Fixed compilation error with --enble-yydebug 116 o Better diagnostic when proposals don't match. 117 o Changed/added options to setkey. 118 119 0.3rc2 - 11 March 2004 120 o Added documentation for NAT-T 121 o Better NAT-T diagnostic. 122 o Test and workaround for missing va_copy() 123 124 0.3rc1 - 04 March 2004 125 o Support for NAT Traversal (NAT-T) 126 127 0.2.4 - 29 January 2004 128 o Sync with KAME as of 2004-01-07 129 o Fixed unauthorized deletion of SA in racoon (again). 130 131 0.2.3 - 15 January 2004 132 o Support for SA lifetime specified in bytes 133 (see setkey -bs/-bh options) 134 o Enhance support for OpenSSL 0.9.7 135 o Let racoon be more verbose 136 o Fixed some simple bugs (see ChangeLog for details) 137 o Fixed unauthorized deletion of SA in racoon 138 o Fixed problems on AMD64 139 o Ignore multicast addresses for IKE 140 141 0.2.2 - 13 March 2003 142 o Fix racoon to build on some systems that require linking against -lfl 143 o add an RPM spec to the distribution 144 145 0.2.1 - 07 March 2003 146 o Fix some more gcc-3.2.2 compiler warnings 147 o Fix racoon to actually configure with ssl in a non-standard location 148 o Fix racoon to not complain if krb5-config is not installed 149 150 0.2 - 06 March 2003 151 o Glibc-2.3 support 152 o OpenSSL-0.9.7 support 153 o Fixed duplicate-macro problems 154 o Fix racoon lex/yacc support 155 o Install psk.txt mode 600, racoon.conf mode 644 156 o Fix racoon to look in the correct directory for config files 157 158 0.1 - 03 March 2003 159 o Initial release of IPsec-Tools 160
