1
0
This repository has been archived on 2024-07-22. You can view files and clone it, but cannot push or open issues or pull requests.
TP-Link_Archer-XR500v/BBA1.5_platform/apps/public/ipsectools/NEWS
2024-07-22 01:58:46 -03:00

160 lines
5.6 KiB
Plaintext

Version history:
----------------
0.8 - 18 March 2011
o Fix authentication method ambiguity with kerberos and xauth
o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
o Local address code rewrite to speed things up
o Improved MIPv6 support (Arnaud Ebalard)
o ISAKMP SA (phase1) rekeying
o Improved scheduler (faster algorithm, support monotonic clock)
o Handle RESPONDER-LIFETIME in quick mode
o Handle INITIAL-CONTACT in from main mode too
o Rewritten event handling framework for admin port
o Ability to initiate IPsec SA through admin port
o NAT-T Original Address handling (transport mode NAT-T support)
o clean NAT-T - PFkey support
o support for multiple anonymous remoteconfs
o Remove various obsolete configuration options
o A lot of other bug fixes, performance improvements and clean ups
0.7.1 - 23 July 2008
o Fixes a memory leak when invalid proposal received
o Some fixes in DPD
o do not set default gss id if xauth is used
o fixed hybrid enabled builds
o fixed compilation on FreeBSD8
o cleanup in network port value manipulation
o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
purge_ipsec_spi()
o Generates a log if cert validation has been disabled by
configuration
o better handling for pfkey socket read errors
o Fixes in yacc / bison stuff
o new plog() macro (reduced CPU usage when logging is disabled)
o Try to work better with huge SPD/SAD
o Corrected modecfg option syntax
0.7 - 09 August 2007
o Xauth with pre-shared key PSK
o Xauth with certificates
o SHA2 support
o pkcs7 support
o system accounting (utmp)
o Darwin support
o configuration can be reloaded
o Support for UNIQUE generated policies
o Support for semi anonymous sainfos
o Support for ph1id to remoteid matching
o Plain RSA authentication
o Native LDAP support for Xauth and modecfg
o Group membership checks for Xauth and sainfo selection
o Camellia cipher support
o IKE Fragment force option
o Modecfg SplitNet attribute support
o Modecfg SplitDNS attribute support ( server side )
o Modecfg Default Domain attribute support
o Modecfg DNS/WINS server multiple attribute support
0.6 - 27 June 2005
o Generated policies are now correctly flushed
o NAT-T works with multiple peers behind the NAT (need kernel support)
o Xauth can use shadow passwords
o TCP-MD5 support
o PAM support for Xauth
o Privilege separation
o ESP fragmentation in tunnel mode can be tunned (NetBSD only)
o racoon admin interface is exported (header and library) to
help building control programs for racoon (think GUI)
o Fixed single DES support; single DES users MUST UPGRADE.
0.5 - 10 April 2005
o Rewritten buildsystem. Now completely autoconfed, automaked,
libtoolized.
o IPsec-tools now compiles on NetBSD and FreeBSD again.
o Support for server-side hybrid authentication, with full
RADIUS supoort. This is interoperable with the Cisco VPN client.
o Support for client-side hybrid authentication (Tested only with
a racoon server)
o ISAKMP mode config support
o IKE fragmentation support
o Fixed FWD policy support.
o Fixed IPv6 compilation.
o Readline is optional, fixed setkey when compiled without readline.
o Configurable Root-CA certificate.
o Dead Peer Detection (DPD) support.
0.4rc1 - 09 August 2004
o Merged support for PlainRSA keys from the 'plainrsa' branch.
o Inheritance of 'remote{}' sections.
o Support for SPD policy priorities in setkey.
o Ciphers are now used through the 'EVP' interface which allows
using hardware crypto accelerators.
o Setkey has new option -n (no action).
o All source files now have 3-clause BSD license.
0.3 - 14 April 2004
o Fixed setkey to handle multiline commands again.
o Added command 'exit' to setkey.
o Fixed racoon to only Warn if no CRL was found.
o Improved testsuite.
0.3rc5 - 05 April 2004
o Security bugfix WRT handling X.509 signatures.
o Stability fix WRT unknown PF_KEY messages.
o Fixed NAT-T with more proposals (e.g. more crypto algos).
o Setkey parses lines one by one => doesn't exit on errors.
o Setkey supports readline => more user friendly.
0.3rc4 - 25 March 2004
o Fixed adding "null" encryption via 'setkey'.
o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
o Fixed NAT-T in aggresive mode.
o Fixed testsuite and added testsuite run into make check.
0.3rc3 - 19 March 2004
o Fixed compilation error with --enble-yydebug
o Better diagnostic when proposals don't match.
o Changed/added options to setkey.
0.3rc2 - 11 March 2004
o Added documentation for NAT-T
o Better NAT-T diagnostic.
o Test and workaround for missing va_copy()
0.3rc1 - 04 March 2004
o Support for NAT Traversal (NAT-T)
0.2.4 - 29 January 2004
o Sync with KAME as of 2004-01-07
o Fixed unauthorized deletion of SA in racoon (again).
0.2.3 - 15 January 2004
o Support for SA lifetime specified in bytes
(see setkey -bs/-bh options)
o Enhance support for OpenSSL 0.9.7
o Let racoon be more verbose
o Fixed some simple bugs (see ChangeLog for details)
o Fixed unauthorized deletion of SA in racoon
o Fixed problems on AMD64
o Ignore multicast addresses for IKE
0.2.2 - 13 March 2003
o Fix racoon to build on some systems that require linking against -lfl
o add an RPM spec to the distribution
0.2.1 - 07 March 2003
o Fix some more gcc-3.2.2 compiler warnings
o Fix racoon to actually configure with ssl in a non-standard location
o Fix racoon to not complain if krb5-config is not installed
0.2 - 06 March 2003
o Glibc-2.3 support
o OpenSSL-0.9.7 support
o Fixed duplicate-macro problems
o Fix racoon lex/yacc support
o Install psk.txt mode 600, racoon.conf mode 644
o Fix racoon to look in the correct directory for config files
0.1 - 03 March 2003
o Initial release of IPsec-Tools