path: root/NEWS
Version history:
----------------

0.7.2 - 22 April 2009
	o Fix a remote crash in fragmentation code
	o Phase2 message identities are phase1 specific (Vista compatibility)
	o Autogenerate ChangeLog from cvs metadata
	o Fix mode config pool resizing
	o NAT-T fixes related to purging of IPsec SAs and retransmission
	o Remove phase1 handler immediately if first exchange is bad
	o Fix a bunch of memory leaks and possible memory corruptions
	  (triggerable by bad configuration or startup parameters)

0.7.1 - 23 July 2008
	o Fixes a memory leak when an invalid proposal is received
	o Some fixes in DPD
	o do not set default gss id if xauth is used
	o fixed hybrid enabled builds
	o fixed compilation on FreeBSD8
	o cleanup in network port value manipulation
	o gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_spi()
	o Generates a log if cert validation has been disabled by configuration
	o better handling for pfkey socket read errors
	o Fixes in yacc / bison stuff
	o new plog() macro (reduced CPU usage when logging is disabled)
	o Try to work better with huge SPD/SAD
	o Corrected modecfg option syntax
	o Many other various fixes...

0.7	- 09 August 2007
	o Xauth with pre-shared key PSK
	o Xauth with certificates
	o SHA2 support
	o pkcs7 support
	o system accounting (utmp)
	o Darwin support
	o configuration can be reloaded
	o Support for UNIQUE generated policies
	o Support for semi anonymous sainfos
	o Support for ph1id to remoteid matching
	o Plain RSA authentication
	o Native LDAP support for Xauth and modecfg
	o Group membership checks for Xauth and sainfo selection
	o Camellia cipher support
	o IKE Fragment force option
	o Modecfg SplitNet attribute support
	o Modecfg SplitDNS attribute support ( server side )
	o Modecfg Default Domain attribute support
	o Modecfg DNS/WINS server multiple attribute support

0.6	- 27 June 2005
	o Generated policies are now correctly flushed
	o NAT-T works with multiple peers behind the NAT (need kernel support)
	o Xauth can use shadow passwords
	o TCP-MD5 support
	o PAM support for Xauth
	o Privilege separation
	o ESP fragmentation in tunnel mode can be tuned (NetBSD only)
	o racoon admin interface is exported (header and library) to 
	  help building control programs for racoon (think GUI)
	o Fixed single DES support; single DES users MUST UPGRADE.

0.5	- 10 April 2005
	o Rewritten buildsystem. Now completely autoconfed, automaked,
	  libtoolized.
	o IPsec-tools now compiles on NetBSD and FreeBSD again.
	o Support for server-side hybrid authentication, with full 
	  RADIUS support. This is interoperable with the Cisco VPN client.
	o Support for client-side hybrid authentication (Tested only with
	  a racoon server)
	o ISAKMP mode config support
	o IKE fragmentation support
	o Fixed FWD policy support.
	o Fixed IPv6 compilation.
	o Readline is optional, fixed setkey when compiled without readline.
	o Configurable Root-CA certificate.
	o Dead Peer Detection (DPD) support.

0.4rc1	- 09 August 2004
	o Merged support for PlainRSA keys from the 'plainrsa' branch.
	o Inheritance of 'remote{}' sections.
	o Support for SPD policy priorities in setkey.
	o Ciphers are now used through the 'EVP' interface which allows
	  using hardware crypto accelerators.
	o Setkey has new option -n (no action).
	o All source files now have 3-clause BSD license.

0.3	- 14 April 2004
	o Fixed setkey to handle multiline commands again.
	o Added command 'exit' to setkey.
	o Fixed racoon to only Warn if no CRL was found.
	o Improved testsuite.

0.3rc5	- 05 April 2004
	o Security bugfix WRT handling X.509 signatures.
	o Stability fix WRT unknown PF_KEY messages.
	o Fixed NAT-T with more proposals (e.g. more crypto algos).
	o Setkey parses lines one by one => doesn't exit on errors.
	o Setkey supports readline => more user friendly.

0.3rc4	- 25 March 2004
	o Fixed adding "null" encryption via 'setkey'.
	o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
	o Fixed NAT-T in aggressive mode.
	o Fixed testsuite and added testsuite run into make check.

0.3rc3	- 19 March 2004
	o Fixed compilation error with --enable-yydebug
	o Better diagnostic when proposals don't match.
	o Changed/added options to setkey.

0.3rc2	- 11 March 2004
	o Added documentation for NAT-T
	o Better NAT-T diagnostic.
	o Test and workaround for missing va_copy()

0.3rc1	- 04 March 2004
	o Support for NAT Traversal (NAT-T)

0.2.4	- 29 January 2004
	o Sync with KAME as of 2004-01-07
	o Fixed unauthorized deletion of SA in racoon (again).

0.2.3	- 15 January 2004
	o Support for SA lifetime specified in bytes
	  (see setkey -bs/-bh options)
	o Enhance support for OpenSSL 0.9.7
	o Let racoon be more verbose
	o Fixed some simple bugs (see ChangeLog for details)
	o Fixed unauthorized deletion of SA in racoon
	o Fixed problems on AMD64
	o Ignore multicast addresses for IKE

0.2.2	- 13 March 2003
	o Fix racoon to build on some systems that require linking against -lfl
	o add an RPM spec to the distribution

0.2.1	- 07 March 2003
	o Fix some more gcc-3.2.2 compiler warnings
	o Fix racoon to actually configure with ssl in a non-standard location
	o Fix racoon to not complain if krb5-config is not installed

0.2	- 06 March 2003
	o Glibc-2.3 support
	o OpenSSL-0.9.7 support
	o Fixed duplicate-macro problems
	o Fix racoon lex/yacc support
	o Install psk.txt mode 600, racoon.conf mode 644
	o Fix racoon to look in the correct directory for config files

0.1	- 03 March 2003
	o Initial release of IPsec-Tools