view contrib/racoon/NEWS @ 460:bf8653674ede

Status LEDs preinit rc.d script.
author Aleksandr Rybalko <>
date Mon, 24 Sep 2012 13:59:56 +0300
parents 52ab441b5cbd
line wrap: on
line source
Version history:

0.7.3 - 23 August 2009
	o Fix a remote crash and a memory leak
	o Fixed a NAT-T flag check
	o Some code cleanups/compilation fixes with recent gcc

0.7.2 - 22 April 2009
	o Fix a remote crash in fragmentation code
	o Phase2 message identities are phase1 specific (Vista compatibility=
	o Autogenerate ChangeLog from cvs metadata
	o Fix mode config pool resizing
	o NAT-T fixes related to purging of IPsec SA:s and retransmission
	o Remove phase1 handler immediately if first exchange is bad
	o A bunch of memory leak and possible memory corruptions (triggerable
	  by bad configuration or startup parameters)

0.7.1 - 23 July 2008
	o Fixes a memory leak when invalid proposal received
	o Some fixes in DPD
	o do not set default gss id if xauth is used
	o fixed hybrid enabled builds
	o fixed compilation on FreeBSD8
	o cleanup in network port value manipulation
	o gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_spi()
	o Generates a log if cert validation has been disabled by configuration
	o better handling for pfkey socket read errors
	o Fixes in yacc / bison stuff
	o new plog() macro (reduced CPU usage when logging is disabled)
	o Try to works better with huge SPD/SAD
	o Corrected modecfg option syntax
	o Many other various fixes...

0.7	- 09 August 2007
	o Xauth with pre-shared key PSK
	o Xauth with certificates
	o SHA2 support
	o pkcs7 support
	o system accounting (utmp)
	o Darwin support
	o configuration can be reloaded
	o Support for UNIQUE generated policies
	o Support for semi anonymous sainfos
	o Support for ph1id to remoteid matching
	o Plain RSA authentication
	o Native LDAP support for Xauth and modecfg
	o Group membership checks for Xauth and sainfo selection
	o Camellia cipher support
	o IKE Fragment force option
	o Modecfg SplitNet attribute support
	o Modecfg SplitDNS attribute support ( server side )
	o Modecfg Default Domain attribute support
	o Modecfg DNS/WINS server multiple attribute support

0.6	- 27 June 2005
	o Generated policies are now correctly flushed
	o NAT-T works with multiple peers behind the NAT (need kernel support)
	o Xauth can use shadow passwords
	o TCP-MD5 support
	o PAM support for Xauth
	o Privilege separation
	o ESP fragmentation in tunnel mode can be tunned (NetBSD only)
	o racoon admin interface is exported (header and library) to 
	  help building control programs for racoon (think GUI)
 	o Fixed single DES support; single DES users MUST UPGRADE.

0.5	- 10 April 2005
	o Rewritten buildsystem. Now completely autoconfed, automaked,
	o IPsec-tools now compiles on NetBSD and FreeBSD again.
	o Support for server-side hybrid authentication, with full 
	  RADIUS supoort. This is interoperable with the Cisco VPN client.
	o Support for client-side hybrid authentication (Tested only with
	  a racoon server)
	o ISAKMP mode config support
	o IKE fragmentation support
	o Fixed FWD policy support.
	o Fixed IPv6 compilation.
	o Readline is optional, fixed setkey when compiled without readline.
	o Configurable Root-CA certificate.
	o Dead Peer Detection (DPD) support.

0.4rc1	- 09 August 2004
	o Merged support for PlainRSA keys from the 'plainrsa' branch.
	o Inheritance of 'remote{}' sections.
	o Support for SPD policy priorities in setkey.
	o Ciphers are now used through the 'EVP' interface which allows
	  using hardware crypto accelerators.
	o Setkey has new option -n (no action).
	o All source files now have 3-clause BSD license.

0.3	- 14 April 2004
        o Fixed setkey to handle multiline commands again.
	o Added command 'exit' to setkey.
	o Fixed racoon to only Warn if no CRL was found.
	o Improved testsuite.

0.3rc5	- 05 April 2004
	o Security bugfix WRT handling X.509 signatures.
	o Stability fix WRT unknown PF_KEY messages.
	o Fixed NAT-T with more proposals (e.g. more crypto algos).
	o Setkey parses lines one by one => doesn't exit on errors.
	o Setkey supports readline => more user friendly.

0.3rc4	- 25 March 2004
	o Fixed adding "null" encryption via 'setkey'.
	o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
	o Fixed NAT-T in aggresive mode.
	o Fixed testsuite and added testsuite run into make check.

0.3rc3	- 19 March 2004
	o Fixed compilation error with --enble-yydebug
	o Better diagnostic when proposals don't match.
	o Changed/added options to setkey.

0.3rc2	- 11 March 2004
	o Added documentation for NAT-T
	o Better NAT-T diagnostic.
	o Test and workaround for missing va_copy()

0.3rc1	- 04 March 2004
	o Support for NAT Traversal (NAT-T)

0.2.4	- 29 January 2004
	o Sync with KAME as of 2004-01-07
	o Fixed unauthorized deletion of SA in racoon (again).

0.2.3	- 15 January 2004
	o Support for SA lifetime specified in bytes
	  (see setkey -bs/-bh options)
	o Enhance support for OpenSSL 0.9.7
	o Let racoon be more verbose
	o Fixed some simple bugs (see ChangeLog for details)
	o Fixed unauthorized deletion of SA in racoon
	o Fixed problems on AMD64
	o Ignore multicast addresses for IKE

0.2.2	- 13 March 2003
	o Fix racoon to build on some systems that require linking against -lfl
	o add an RPM spec to the distribution

0.2.1	- 07 March 2003
	o Fix some more gcc-3.2.2 compiler warnings
	o Fix racoon to actually configure with ssl in a non-standard location
	o Fix racoon to not complain if krb5-config is not installed

0.2	- 06 March 2003
	o Glibc-2.3 support
	o OpenSSL-0.9.7 support
	o Fixed duplicate-macro problems
	o Fix racoon lex/yacc support
	o Install psk.txt mode 600, racoon.conf mode 644
	o Fix racoon to look in the correct directory for config files

0.1	- 03 March 2003
	o Initial release of IPsec-Tools