1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382
|
----------------------------------------------------------------------
VPN Client
----------------------------------------------------------------------
Alpha release ...
----------------------------------------------------------------------
X Resolve host dns to address in ipsecc
X Transmit size in vnet driver
X DHCP renew effects phase2 sa's
X Client status message rework
X Allow the configuration of the dns suffix in ipseca
X NAT-T force option in ipseca & ipsecc
X Manual config of client settings in ipsecd ( review ipseci )
X Key size in ipseca for phase1
X Dir path problem ipsecc & ipsecd
X Pre-fragment support in ipsecd
X Update logging facility in ipsecd
X Use generic logging facility in dll classes
X Test all dialog options for feature parity
Beta release ...
----------------------------------------------------------------------
X Rewrite vnet driver
X Create cleanup routines for all sa and tunnel objects
X Fix license view in about dialog
X Delete sa's after they are declared dead
X Isakmp re-transmit in ipsecd
X Send NAT keep-alive packets
X Mutual auth XAuth mode
1.0.0 release ...
----------------------------------------------------------------------
X SPI size of 8 in sa payload
X Flag tunnel as dead when proposal is rejected
X Handle notification payloads when bundled in phase1 or phase2
X Correct dialog layout issues
X Allow for disabled client WINS and DNS settings
X IKE fragmentation
X Send delete messages as outlined in RFC 2408
X Handle delete messages as outlined in RFC 2408
X Send notify messages as outlined in RFC 2408
X Handle notify messages as outlined in RFC 2408
X Client feedback for failure cases
X Fix crash after items deleted in ipseca
X Support the modecfg banner attribute
X Cleanup IPFRAG class
X Phase2 sa re-establish after expire
X Create debugger application interface
X Prevent multiple tunnels from using the same gateway
X Support the pfs modecfg attribute
X Support the split exclude modecfg attribute
X Correct client busy loop bug
X Pre-configured client packaging system
X Fix multiple tunnel issues
X Write documentation
X Button default issue in ipsecc
X Test non-admin user operation
X Correct loss of default route
X Correct the VNET MTU dropping to 175
X Update VProt Interface to handle Dialup Adapters
1.1.0 release - Bug fixes and fine tuning
----------------------------------------------------------------------
X Add Split DNS Support
X Cleanup orphaned dnsfwd entries
X Cleanup PACKET_DNS memory leaks
X Add Dead Peer Detection responder
X Add Dead Peer Detection initiator
X Move away from dynamic adapter creation ( adapter pools )
X Correct phase2 negotiation issues
X Replace DHCP support with static configuration
X Fix session termination messages
X Move remaining projects in-branch to share versions
X Modify interfaces to support Split DNS, DPD Banner and Notify
X Remove tunnel references to internal API
X Standardize and fix validation of inform and config hashes
X Audit use of random generation
X Correct debug output for modecfg banner
X Restructure SDB and packet resend
X Resolve issue with devcfg initial device creation
X Report phase 2 id types and values
X Add client username and password command line options
X Remove media sense from VNet driver
X Track down a rare ipsecc freeze when server rudely disconnect
X Review driver locking
X Modify VProt to handle multiple dialup adapters
X Review adapter registry configurtaion
X Update release documentation
X Look into reported issue with Split DNS
X Implement Split DNS reverse lookups
X Correct p12 related problems
X Add support for encrypted p12 and pem files
X Correct problems with local ID checking
X Test kernel drivers with multi-core systems
2.0.0 release - Interface below TCPIP and friends
----------------------------------------------------------------------
X Replace Protocol driver with IM filter driver
X Build rule based filter framework into IM driver
X Implement divert/mirror rule processing ( like FreeBSD ipfw )
X Implement accept/reject rule processing
X Use filter framework for packet inspection / redirection
X Remove uneeded functionality from virtual network interface
X Hide platform specific route index detail in libip
X Add support for using a real interface as a tunnel endpoint
X Review locking and stabilize IM filter driver
X Modify transparent DNS proxy code to work in direct or virtual mode
X Modify IM filter driver to support rule priorities for insertion
X Modify libflt ethernet header creation routine to use ARP data
X Modify ipsecd, vflt and libvflt to deal with transient devices
X Add auto configuration for phase1 and phase2 parameters
X Review and correct any issues with the exchange handlers
X Rewrite code related to proposal generation and checking
X Rewrite code related to policy management
X Fix ipsecd internal structure exposure to ipsecc
X Rewrite ipsec processing code to be policy driven
X Add support for ah in ipsecd
X Add support for ipcomp and deflate compression
X Rewrite packet queuing system
X Add ability to view FW rules in VPN Trace
X Add support for bundled proposals
X Seperate ike process, ipsec control and ipsec process threads
X Split ipsec daemon into ipsecd and iked
X Port iked to a single unix target
X Build pfkey interface for SPD and SAD management
X Add ability to view SPD and SAD entries in VPN Trace
X Fix information exchange and notify support
X Add iked config file support for unix targets using flex/bison
X Add iked support for sending responder lifetime notifications
X Add iked support for xauth via local and ldap sources
X Add iked support for modecfg
X Add iked support for advanced policy generation
X Split DNS Transparent proxy support into dtpd
X Remove optional esp packet pre-fragmentation from ipsecd
X Review all db locking and entry removal
X Improve phase2 rekey in ipsecd
X Add tunnel route to peer with default route
X Modify existing default route metric
X Add iked and iked.conf man pages
X Fix initial vnet device usage
X Add support for config push mode
X Modify the client gui for manual policy include/exclude
X Modify the client gui for config push or pull
X Fix the vpn trace sdb output tabs
X Update the client gui network tab
X Test all client features against racoon and iked
X Update the documentation
2.0.1 release - Improve platform support
----------------------------------------------------------------------
X Add support for Windows XP amd64 platform
X Add support for x86/amd64 FreBSD platforms
X Add support for x86/amd64 NetBSD platforms
X Add support for x86/amd64 Linux platforms
2.0.2 release - Bug fix and fine tuning
----------------------------------------------------------------------
X Various bug fixes
2.0.3 release - Bug fix and fine tuning
----------------------------------------------------------------------
X various bug fixes
2.1.0 release - Improve platform and gateway support
----------------------------------------------------------------------
X Review option flag usage for client struct
X Make divert rule management dynamic ( be nice to other clients )
X Add support for syslog output on unix targets
X Add support for DHCP over IPsec configuration method
X Add support for strictly manual client configuration method
X Add stateful fragment evaluation to filter driver
X Add batched packet send and recv support to filter driver
X Add support for older Linux distributions
X Fix errors associated with iked processing duplicate packets
X Fix validation and trimming of trailing packet data
X Fix IM driver conflicts with the Cisco VPN Client ( DNE driver )
X Use exchange specific re-send timeout handlers for better logging
X Fix iked to work with any udp service port
X Add site connection support using the access manager system tray
X Add iked support for multiple DNS/WINS server addresses
X Add support for NAT-T draft 00 and 01 versions
X Fix IM driver issues with Windows 2K and Virtualization Software
X Add support for specifying the virtual network adapter MTU
X Add DNS and WINS support for direct adapter mode
X Fix Split DNS to work with an adapter specific default domain
X Add support for Windows x86/amd64 Vista platforms
X Fix route management for tunnels that force all traffic
X Add support for renegotiating IKSAMP SAs in client mode
X Add support for persistent IPSEC SAs
X Add support for site configuration file format versioning
X Add support for storing key and cert data in the site config
X Add user preference dialog for site manager
X Add preference for client minimize to system tray
X Add preference for pre-populating user names
X Add timestamps for non-syslog log output
X Add checks for illegal site configuration names
X Add site name and file conflict resolution dialogs
X Fix any differences between unix and windows site configuration
X Fix dissapearing DNS settings when the connection fails
X Fix the event timer class to avoid wakeups
X Fix hangs on *nix targets during iked shutdown
X Add work around for missing xauth type attribute
X Add a generic IPC class to avoid wakeups and reduce latency
X Port libdtp to use generic IPC class
X Port libike to use generic IPC class
X Port libpfk to use generic IPC class
X Fix high number of select wakeups on socket calls
X Fix the client statistics update
X Fix MS dnscache problems the right way
X Import new logo and improved icon sets
X Fix DPD problems while transitioning between ISAKMP SAs
X Improve DPD timeout algorithm
X Provide non WHQL signed Vista drivers
X Correct NDIS 6 miniport compatibility issue with filter driver
X Validate and document support for Cisco ASA gateways
X Validate and document support for Juniper SSG gateways
X Validate and document support for Zywall gateways
X Validate and document support for Fortigate gateways
2.1.1 release - Bug fix and fine tuning
----------------------------------------------------------------------
X Fix NDIS 6 miniport problems with filter driver
X Fix VPN Trace problems on 64 bit Windows targets
2.1.2 release - Bug fix and fine tuning
----------------------------------------------------------------------
X Various platform specific bug fixes
2.1.3 release - Bug fix and fine tuning
----------------------------------------------------------------------
X Fix Diffie Hellman negotiation failures
X Fix mature SA packet re-transmit issues
X Fix config mode packet retransmit issues
X Add checks for mandatory reboot post install on Windows Platforms
X Fix dns resoltion for names that begin with numeric digit
2.1.4 release - Bug fix and fine tuning
----------------------------------------------------------------------
X Fix a thread state bug that caused phase2 to fail in rare cases
X Fix a phase2 responder bug that caused packet re-transmit to fail
X Add explicit link state notifications for Vista filter drivers
X Fix quick disconnects after negotiating with a cisco gateway
X Add Dialup/PPP adapter support for Vista Platforms
X Fix a critical bug in the windows libvflt ip forward caching code
X Add proper support for multiple NAT-T hash values
2.1.5 release - Bug fix and fine tuning
----------------------------------------------------------------------
X Add support for Cisco hybrid mode authentication ( mutual group )
X Add support for Cisco PCF file import
X Add support for auto uninstall during install of Windows package
X Add support for the XAuth radius chap method
X Add support for correctly handling multiple certificate requests
X Fix Checkpoint authentication regressions
X Fix reported link speed issue with virtual network driver
X Fix various kernel driver related issues reported by users
X Fix problems with resolv.conf file generation on unix platforms
X Fix NAT-T configuration issue
2.1.6 release - Bug fix and fine tuning
----------------------------------------------------------------------
X Fix problem with direct adapter mode DNS configuration
X Fix DHCP over IPsec via DHCP adapters by immitating a bootp relay
X Fix DHCP pool exhaustion issue by retaining fake MAC see value
X Fix ESP payload padding issue with Adtran gateways
X Fix runtime creation of virtual adapter instances on Vista/7
X Fix dropped packets issues with vflt socket wrappers
X Fix uninstall issue that occured when Novell client was installed
X Fix kernel driver crash due to WANLINE (PPP/PPTP) notify parsing
X Fix various kernel driver issues blocking DTM controller tests
X Fix a bug related to using the IKE Fragmentation extestion
X Fix a bug in IKE push mode that called a pull handler instead
X Use a different port for DNS proxy to avoid 3rd party conflicts
X Add support for overlapping local and remote networks
X Add support for shared policy generation mode
X Add manifest files so users are prompted for elevated privileges
X Add pid file support on Linux/BSD platforms
X Add support for reporting the UNITY app version and firewall type
X Improve adapter/address selection for multiple inet connections
X Initial kernel driver versions signed by Microsoft WHQL
2.1.7 release - Bug fix and fine tuning
----------------------------------------------------------------------
X Fix negotiation of tunnel-all ( 0.0.0.0/0 ) configurations in iked
X Fix inbound SA negotiation with shared policy generation mode
X Fix iproute deletion issue on Vista/7 platforms
X Fix import of PCF files with non-encrypted password
X Apply IPsec policy and filename promts fixed from Michael Kenny
X Improve DNS Proxy divert rule management
2.2.0 release - Major feature improvements
----------------------------------------------------------------------
X Add Qt4 gui components to replace Qt3 components on Linux/BSD
X Add console based VPN Connect component on Linux/BSD ( non-gui )
X Add initial support for Intel Mac OSX platforms w/ DMG installer
X Add an option for selecting a randomized virtual subnet address
X Add GUI support for multiple DNS/WINS server addresses
X Add support for automatic stable software update checks
X Add text that displays the connection time in system tray tooltip
X Add support for Sidewinder 6.x, 7.x gateways ( merged to 2.1.x )
X Add support for Netgear gateways ( merged to 2.1.x )
X Fix secrity flaws in the ipc server admin code
X Fix slow responsiveness duing DHCP over IPsec negotiations
X Fix reverse DNS lookup issues with DNS proxy daemon
X Make the client config subordinate to the phase1 handle
X Use bdata instead of openssl key struct pointer in keyfile code
X Use overlapped IO to interface with the windows filter driver
X Fix the 500ms wakeup issue by avoiding vflt select-like calls
X Fix all memory leaks reported by various debugging tools
X Fix TCP LSO task offload in vflt driver on Vista/7 platforms
X Fix WLAN virtual adapter issue reported on mailing list
X Fix dialog color issues for windows HCB accessibility modes
X Fix keyboard navigation to site profiles in access manager
X Fix reported problems with DHCP over IPsec
X Add support for newer openssl supported message auth algorithms
X Add support for both ike and pfs dh groups 16, 17 and 18
X Add support for unattended installations ( needs signed drivers )
X Make all client platforms use file based site configurations
X Make certificate data an embedded component of the site config
X Add support for public site configurations on Windows Platforms
X Fix handling of low-power-state notifications in iked on Windows
. Add support for Secure Domain Login on Vista/7 platforms
. Investigate PPP with Virtual Adapter DNS preference issue
. Improve support for automatic stable software update checks
. Cleanup registry based site configuration data
. Test all rsa key file scenarios that use password protection
2.2.1 release - Bug fix and fine tuning
----------------------------------------------------------------------
. Fix or add all documented command line options in iked
. Add support for encrypted site configuration storage
. Cleanup all references to the obsolete COMPAT policy mode
. Fix DNS setting issues with newer Mac OSX platforms
. Add support for two factor user authentication methods
. Apply Qt4 French translation patch from Alexis Lagoutte
Near Term Goals
----------------------------------------------------------------------
. Validate USB WIFI/Ethernet adapter support on Windows Platforms
. Validate and document support for OpenBSD gateways
. Validate and document support for Strong/OpenSWAN gateways
. Validate and document support for SonicWall gateways
x Validate and document support for Checkpoint gateways
. Validate and document support for Lancom gateways
. Cleanup libpfk, its really ugly
. Fix static buffer usage for temporary string data
? Use Qt4 to build unified cross platform GUI components
? Add ability to drag site connections as shortcuts
? Add support for client connect/disconnect script execution
? Add adaptive communications during connect ( Frag/NATT )
? Move to a purely primitive based tunnel confguration interface
? Add support for lzs compression ( patent encumbered )
? Add support for microsoft certificate and key storage api
Long Term Goals
----------------------------------------------------------------------
. Fix the server mode support in iked
. Write a setkey replacement based on libpfk
. Stateful client side firewall
. Create lightweight kernel or userland buildable crypto library
. Move ip security processing into the kernel
----------------------------------------------------------------------
pfSense
----------------------------------------------------------------------
X Add support for modecfg
X Add support for Xauth
. Add support for fine grained network access control
----------------------------------------------------------------------
IPSEC-TOOLS
----------------------------------------------------------------------
X LDAP auth module
X Group based sainfo selection
X Group based xauth
X isakmp_id2str
X sainfo debug improvements
X responder ignores inital fragment
X clientaddr
. review sa cleanup after client disconnect
. cleanup modeconfg and introduce ike push mode
. negotiate unity firewall rulesets via modecfg
|