Version history: ---------------- 0.7.2 - 22 April 2009 o Fix a remote crash in fragmentation code o Phase2 message identities are phase1 specific (Vista compatibility= o Autogenerate ChangeLog from cvs metadata o Fix mode config pool resizing o NAT-T fixes related to purging of IPsec SA:s and retransmission o Remove phase1 handler immediately if first exchange is bad o A bunch of memory leak and possible memory corruptions (triggerable by bad configuration or startup parameters) 0.7.1 - 23 July 2008 o Fixes a memory leak when invalid proposal received o Some fixes in DPD o do not set default gss id if xauth is used o fixed hybrid enabled builds o fixed compilation on FreeBSD8 o cleanup in network port value manipulation o gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_spi() o Generates a log if cert validation has been disabled by configuration o better handling for pfkey socket read errors o Fixes in yacc / bison stuff o new plog() macro (reduced CPU usage when logging is disabled) o Try to works better with huge SPD/SAD o Corrected modecfg option syntax o Many other various fixes... 0.7 - 09 August 2007 o Xauth with pre-shared key PSK o Xauth with certificates o SHA2 support o pkcs7 support o system accounting (utmp) o Darwin support o configuration can be reloaded o Support for UNIQUE generated policies o Support for semi anonymous sainfos o Support for ph1id to remoteid matching o Plain RSA authentication o Native LDAP support for Xauth and modecfg o Group membership checks for Xauth and sainfo selection o Camellia cipher support o IKE Fragment force option o Modecfg SplitNet attribute support o Modecfg SplitDNS attribute support ( server side ) o Modecfg Default Domain attribute support o Modecfg DNS/WINS server multiple attribute support 0.6 - 27 June 2005 o Generated policies are now correctly flushed o NAT-T works with multiple peers behind the NAT (need kernel support) o Xauth can use shadow passwords o TCP-MD5 support o PAM support for Xauth o Privilege separation o ESP fragmentation in tunnel mode can be tunned (NetBSD only) o racoon admin interface is exported (header and library) to help building control programs for racoon (think GUI) o Fixed single DES support; single DES users MUST UPGRADE. 0.5 - 10 April 2005 o Rewritten buildsystem. Now completely autoconfed, automaked, libtoolized. o IPsec-tools now compiles on NetBSD and FreeBSD again. o Support for server-side hybrid authentication, with full RADIUS supoort. This is interoperable with the Cisco VPN client. o Support for client-side hybrid authentication (Tested only with a racoon server) o ISAKMP mode config support o IKE fragmentation support o Fixed FWD policy support. o Fixed IPv6 compilation. o Readline is optional, fixed setkey when compiled without readline. o Configurable Root-CA certificate. o Dead Peer Detection (DPD) support. 0.4rc1 - 09 August 2004 o Merged support for PlainRSA keys from the 'plainrsa' branch. o Inheritance of 'remote{}' sections. o Support for SPD policy priorities in setkey. o Ciphers are now used through the 'EVP' interface which allows using hardware crypto accelerators. o Setkey has new option -n (no action). o All source files now have 3-clause BSD license. 0.3 - 14 April 2004 o Fixed setkey to handle multiline commands again. o Added command 'exit' to setkey. o Fixed racoon to only Warn if no CRL was found. o Improved testsuite. 0.3rc5 - 05 April 2004 o Security bugfix WRT handling X.509 signatures. o Stability fix WRT unknown PF_KEY messages. o Fixed NAT-T with more proposals (e.g. more crypto algos). o Setkey parses lines one by one => doesn't exit on errors. o Setkey supports readline => more user friendly. 0.3rc4 - 25 March 2004 o Fixed adding "null" encryption via 'setkey'. o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7 o Fixed NAT-T in aggresive mode. o Fixed testsuite and added testsuite run into make check. 0.3rc3 - 19 March 2004 o Fixed compilation error with --enble-yydebug o Better diagnostic when proposals don't match. o Changed/added options to setkey. 0.3rc2 - 11 March 2004 o Added documentation for NAT-T o Better NAT-T diagnostic. o Test and workaround for missing va_copy() 0.3rc1 - 04 March 2004 o Support for NAT Traversal (NAT-T) 0.2.4 - 29 January 2004 o Sync with KAME as of 2004-01-07 o Fixed unauthorized deletion of SA in racoon (again). 0.2.3 - 15 January 2004 o Support for SA lifetime specified in bytes (see setkey -bs/-bh options) o Enhance support for OpenSSL 0.9.7 o Let racoon be more verbose o Fixed some simple bugs (see ChangeLog for details) o Fixed unauthorized deletion of SA in racoon o Fixed problems on AMD64 o Ignore multicast addresses for IKE 0.2.2 - 13 March 2003 o Fix racoon to build on some systems that require linking against -lfl o add an RPM spec to the distribution 0.2.1 - 07 March 2003 o Fix some more gcc-3.2.2 compiler warnings o Fix racoon to actually configure with ssl in a non-standard location o Fix racoon to not complain if krb5-config is not installed 0.2 - 06 March 2003 o Glibc-2.3 support o OpenSSL-0.9.7 support o Fixed duplicate-macro problems o Fix racoon lex/yacc support o Install psk.txt mode 600, racoon.conf mode 644 o Fix racoon to look in the correct directory for config files 0.1 - 03 March 2003 o Initial release of IPsec-Tools