Version history:
----------------
0.6.1 - 10 August 2005
  o NAT-T fixes for situations where NAT-T is not used
  o OpenSSL 0.9.8 support
  o keys are not restricted to OpenSSL default size anymore
  o PKCS7 support
  o SHA2 support

0.6 - 27 June 2005
  o Generated policies are now correctly flushed
  o NAT-T works with multiple peers behind the NAT (need kernel support)
  o Xauth can use shadow passwords
  o TCP-MD5 support
  o PAM support for Xauth
  o Privilege separation
  o ESP fragmentation in tunnel mode can be tuned (NetBSD only)
  o racoon admin interface is exported (header and library) to
    help building control programs for racoon (think GUI)
  o Fixed single DES support; single DES users MUST UPGRADE

0.5 - 10 April 2005
  o Rewritten buildsystem. Now completely autoconfed, automaked,
    libtoolized.
  o IPsec-tools now compiles on NetBSD and FreeBSD again.
  o Support for server-side hybrid authentication, with full
    RADIUS support. This is interoperable with the Cisco VPN client.
  o Support for client-side hybrid authentication (Tested only with
    a racoon server)
  o ISAKMP mode config support
  o IKE fragmentation support
  o Fixed FWD policy support.
  o Fixed IPv6 compilation.
  o Readline is optional, fixed setkey when compiled without readline.
  o Configurable Root-CA certificate.
  o Dead Peer Detection (DPD) support.

0.4rc1 - 09 August 2004
  o Merged support for PlainRSA keys from the 'plainrsa' branch.
  o Inheritance of 'remote{}' sections.
  o Support for SPD policy priorities in setkey.
  o Ciphers are now used through the 'EVP' interface which allows
    using hardware crypto accelerators.
  o Setkey has new option -n (no action).
  o All source files now have 3-clause BSD license.

0.3 - 14 April 2004
  o Fixed setkey to handle multiline commands again.
  o Added command 'exit' to setkey.
  o Fixed racoon to only Warn if no CRL was found.
  o Improved testsuite.

0.3rc5 - 05 April 2004
  o Security bugfix WRT handling X.509 signatures.
  o Stability fix WRT unknown PF_KEY messages.
  o Fixed NAT-T with more proposals (e.g. more crypto algos).
  o Setkey parses lines one by one => doesn't exit on errors.
  o Setkey supports readline => more user friendly.

0.3rc4 - 25 March 2004
  o Fixed adding "null" encryption via 'setkey'.
  o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
  o Fixed NAT-T in aggressive mode.
  o Fixed testsuite and added testsuite run into make check.

0.3rc3 - 19 March 2004
  o Fixed compilation error with --enable-yydebug
  o Better diagnostic when proposals don't match.
  o Changed/added options to setkey.

0.3rc2 - 11 March 2004
  o Added documentation for NAT-T
  o Better NAT-T diagnostic.
  o Test and workaround for missing va_copy()

0.3rc1 - 04 March 2004
  o Support for NAT Traversal (NAT-T)

0.2.4 - 29 January 2004
  o Sync with KAME as of 2004-01-07
  o Fixed unauthorized deletion of SA in racoon (again).

0.2.3 - 15 January 2004
  o Support for SA lifetime specified in bytes
    (see setkey -bs/-bh options)
  o Enhance support for OpenSSL 0.9.7
  o Let racoon be more verbose
  o Fixed some simple bugs (see ChangeLog for details)
  o Fixed unauthorized deletion of SA in racoon
  o Fixed problems on AMD64
  o Ignore multicast addresses for IKE

0.2.2 - 13 March 2003
  o Fix racoon to build on some systems that require linking against -lfl
  o add an RPM spec to the distribution

0.2.1 - 07 March 2003
  o Fix some more gcc-3.2.2 compiler warnings
  o Fix racoon to actually configure with ssl in a non-standard location
  o Fix racoon to not complain if krb5-config is not installed

0.2 - 06 March 2003
  o Glibc-2.3 support
  o OpenSSL-0.9.7 support
  o Fixed duplicate-macro problems
  o Fix racoon lex/yacc support
  o Install psk.txt mode 600, racoon.conf mode 644
  o Fix racoon to look in the correct directory for config files

0.1 - 03 March 2003
  o Initial release of IPsec-Tools