| blob | deba2acf915ae39598300bb8da10118b7d335afb |
1 Version history:
2 ----------------
3 0.8 CVS (no official release yet)
4 o Fix authentication method ambiguity with kerberos and xauth
5 o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
6 o Local address code rewrite to speed things up
7 o Improved MIPv6 support (Arnaud Ebalard)
8 o ISAKMP SA (phase1) rekeying
9 o Improved scheduler (faster algorithm, support monotonic clock)
10 o Handle RESPONDER-LIFETIME in quick mode
11 o Handle INITIAL-CONTACT in from main mode too
12 o Rewritten event handling framework for admin port
13 o Ability to initiate IPsec SA through admin port
14 o NAT-T Original Address handling (transport mode NAT-T support)
15 o Remove various obsolete configuration options
16 o A lot of other bug fixes, performance improvements and clean ups
18 0.7.1 - 23 July 2008
19 o Fixes a memory leak when invalid proposal received
20 o Some fixes in DPD
21 o do not set default gss id if xauth is used
22 o fixed hybrid enabled builds
23 o fixed compilation on FreeBSD8
24 o cleanup in network port value manipulation
25 o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
26 purge_ipsec_spi()
27 o Generates a log if cert validation has been disabled by
28 configuration
29 o better handling for pfkey socket read errors
30 o Fixes in yacc / bison stuff
31 o new plog() macro (reduced CPU usage when logging is disabled)
32 o Try to work better with huge SPD/SAD
33 o Corrected modecfg option syntax
35 0.7 - 09 August 2007
36 o Xauth with pre-shared key PSK
37 o Xauth with certificates
38 o SHA2 support
39 o pkcs7 support
40 o system accounting (utmp)
41 o Darwin support
42 o configuration can be reloaded
43 o Support for UNIQUE generated policies
44 o Support for semi anonymous sainfos
45 o Support for ph1id to remoteid matching
46 o Plain RSA authentication
47 o Native LDAP support for Xauth and modecfg
48 o Group membership checks for Xauth and sainfo selection
49 o Camellia cipher support
50 o IKE Fragment force option
51 o Modecfg SplitNet attribute support
52 o Modecfg SplitDNS attribute support ( server side )
53 o Modecfg Default Domain attribute support
54 o Modecfg DNS/WINS server multiple attribute support
56 0.6 - 27 June 2005
57 o Generated policies are now correctly flushed
58 o NAT-T works with multiple peers behind the NAT (need kernel support)
59 o Xauth can use shadow passwords
60 o TCP-MD5 support
61 o PAM support for Xauth
62 o Privilege separation
63 o ESP fragmentation in tunnel mode can be tunned (NetBSD only)
64 o racoon admin interface is exported (header and library) to
65 help building control programs for racoon (think GUI)
66 o Fixed single DES support; single DES users MUST UPGRADE.
68 0.5 - 10 April 2005
69 o Rewritten buildsystem. Now completely autoconfed, automaked,
70 libtoolized.
71 o IPsec-tools now compiles on NetBSD and FreeBSD again.
72 o Support for server-side hybrid authentication, with full
73 RADIUS supoort. This is interoperable with the Cisco VPN client.
74 o Support for client-side hybrid authentication (Tested only with
75 a racoon server)
76 o ISAKMP mode config support
77 o IKE fragmentation support
78 o Fixed FWD policy support.
79 o Fixed IPv6 compilation.
80 o Readline is optional, fixed setkey when compiled without readline.
81 o Configurable Root-CA certificate.
82 o Dead Peer Detection (DPD) support.
84 0.4rc1 - 09 August 2004
85 o Merged support for PlainRSA keys from the 'plainrsa' branch.
86 o Inheritance of 'remote{}' sections.
87 o Support for SPD policy priorities in setkey.
88 o Ciphers are now used through the 'EVP' interface which allows
89 using hardware crypto accelerators.
90 o Setkey has new option -n (no action).
91 o All source files now have 3-clause BSD license.
93 0.3 - 14 April 2004
94 o Fixed setkey to handle multiline commands again.
95 o Added command 'exit' to setkey.
96 o Fixed racoon to only Warn if no CRL was found.
97 o Improved testsuite.
99 0.3rc5 - 05 April 2004
100 o Security bugfix WRT handling X.509 signatures.
101 o Stability fix WRT unknown PF_KEY messages.
102 o Fixed NAT-T with more proposals (e.g. more crypto algos).
103 o Setkey parses lines one by one => doesn't exit on errors.
104 o Setkey supports readline => more user friendly.
106 0.3rc4 - 25 March 2004
107 o Fixed adding "null" encryption via 'setkey'.
108 o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
109 o Fixed NAT-T in aggresive mode.
110 o Fixed testsuite and added testsuite run into make check.
112 0.3rc3 - 19 March 2004
113 o Fixed compilation error with --enble-yydebug
114 o Better diagnostic when proposals don't match.
115 o Changed/added options to setkey.
117 0.3rc2 - 11 March 2004
118 o Added documentation for NAT-T
119 o Better NAT-T diagnostic.
120 o Test and workaround for missing va_copy()
122 0.3rc1 - 04 March 2004
123 o Support for NAT Traversal (NAT-T)
125 0.2.4 - 29 January 2004
126 o Sync with KAME as of 2004-01-07
127 o Fixed unauthorized deletion of SA in racoon (again).
129 0.2.3 - 15 January 2004
130 o Support for SA lifetime specified in bytes
131 (see setkey -bs/-bh options)
132 o Enhance support for OpenSSL 0.9.7
133 o Let racoon be more verbose
134 o Fixed some simple bugs (see ChangeLog for details)
135 o Fixed unauthorized deletion of SA in racoon
136 o Fixed problems on AMD64
137 o Ignore multicast addresses for IKE
139 0.2.2 - 13 March 2003
140 o Fix racoon to build on some systems that require linking against -lfl
141 o add an RPM spec to the distribution
143 0.2.1 - 07 March 2003
144 o Fix some more gcc-3.2.2 compiler warnings
145 o Fix racoon to actually configure with ssl in a non-standard location
146 o Fix racoon to not complain if krb5-config is not installed
148 0.2 - 06 March 2003
149 o Glibc-2.3 support
150 o OpenSSL-0.9.7 support
151 o Fixed duplicate-macro problems
152 o Fix racoon lex/yacc support
153 o Install psk.txt mode 600, racoon.conf mode 644
154 o Fix racoon to look in the correct directory for config files
156 0.1 - 03 March 2003
157 o Initial release of IPsec-Tools