X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/4f253feef08f01c03bc63f70f9de3937541ccd79..98f1b9718dbc53cb99a3eaea6e96247becdee07f:/Changes diff --git a/Changes b/Changes index 452407b..05c4f9f 100644 --- a/Changes +++ b/Changes @@ -1,10 +1,128 @@ -* Wed Jun 29 2005 Brendan O'Dea 2.1.2 -- Don't resend IPCP while still in progress. -- Ignore duplicate ACKs for IPCP. -- Clear RADIUSIPCP for walled garden sessions on ACK. +* Tue Dec 5 2006 Brendan O'Dea 2.2.0 +- Only poll clifd if successfully bound. +- Add "Practical VPNs" document from Liran Tal as Docs/vpn . +- Add Multilink support from Khaled Al Hamwi. +- Remove non-working setuid option. +- Convert manual.html to Docbook. +- Kludge around problem with Netgear DM602 authentication. +- Add session/idle timeouts (Graham Maltby). +- Use result code AVP to set Acct-Terminate-Cause is disconnect cause + AVP is not present. +- Add radius_bind_{min,max} to simplify firewalling of RADIUS ports. +- Fix sign problem with reporting of unknown RADIUS VSAs. +- Allow DNS servers to be specified either using the old or new + vendor-specific Ascend formats. +- Security: Rhys Kidd identified a vulnerability in the handling of + heartbeat packets. Drop oversize heartbeat packets. + +* Tue Apr 18 2006 Brendan O'Dea 2.1.18 +- Don't shutdown on TerminateReq, wait for CDN. +- Interpret "local" direction correctly (as LAC) in disconnect AVPs. + +* Thu Apr 13 2006 Brendan O'Dea 2.1.17 +- Fix IPCP length test to allow Terminate-Request (4 bytes). +- Send nsctl responses back using the correct source address (thanks ltd). +- Similarly set the source for DAE responses; use bind_address when + handling forwarded packets on the master. +- Add Acct-Terminate-Cause to RADIUS stop records. + +* Thu Feb 23 2006 Brendan O'Dea 2.1.16 +- Send configured magic-no in LCP EchoReq when LCP is opened. +- Correct addition of single IP to pool (Jonathan Yarden). +- Ensure session changes from LCP ConfigReq/ConfigNak are sent to cluster. +- Verify that RADIUS packets come from a configured server (Jonathan Yarden). +- Avoid endless loop in processipcp, processipv6cp. +- Additional length checks in processlcp. +- Allow peer to request a new magic-number, or to disable magic-numbers. +- Decrease ip_conntrack_tcp_timeout_established to 5hrs (table filling). + +* Mon Dec 19 2005 Brendan O'Dea 2.1.15 +- Drop backtrace. +- Reduce logging of LCP EchoReply packets. +- Break LCP configure loop with shutdown. +- Limit value of MRU of 1492 (rfc2516). +- Tun MTU should be MRU (not MRU+4). +- Add Service-Type/Framed-Protocol to RADIUS records (Paul Martin). + +* Fri Dec 9 2005 Brendan O'Dea 2.1.14 +- Run PLUGIN_RADIUS_ACCOUNT for Start records. + +* Wed Dec 7 2005 Brendan O'Dea 2.1.13 +- Add test/ping-sweep. +- Apply spec changes from Charlie Brady: use License header, change + BuildRoot to include username. +- Fix IPCP negotiation of secondary DNS server, reported by Jon Morby. +- Clean up sessiont, removing some unused fields. +- Remove unused "MAC" config type. +- Reject unknown/unconfigured protocols on the master. +- Sanity check MRU before using in ppp_code_rej, protoreject. + +* Thu Nov 17 2005 Brendan O'Dea 2.1.12 +- Set MTU on tunnel interface so the kernel will re-fragment large + packets to within MRU. +- Fix TCP checksum recalc. +- NAK silly MRU values from peer. + +* Mon Nov 14 2005 Brendan O'Dea 2.1.11 +- Fix fragment handling in ip_filter. +- Exclude counter when comparing filter rules. + +* Sat Nov 5 2005 Brendan O'Dea 2.1.10 +- Add scripts/l2tpns-capture. +- Fix LCP Echo frequency. +- Add Framed-Route entries to RADIUS records. +- Reset restart counters correctly. +- Reset timers on sending ConfigReq. +- Only send one RADIUS Start record, even if IPCP is restarted. + +* Tue Oct 11 2005 Brendan O'Dea 2.1.9 +- Fix Calling-Station-Id in RADIUS accounting records (Slobodan Tomic). +- Fix RADIUS authentication on DAE responses. +- Don't send tunnel HELLO when there are pending control messages. +- Move plugin_radius_reset from *ctl to auto* plugins. +- Add Cisco-AVPairs to RADIUS accounting records via plugin_radius_account. + +* Mon Sep 19 2005 Brendan O'Dea 2.1.8 +- Move code from signal handlers into mainloop, avoiding a race + condition when forking CLI. + +* Fri Sep 16 2005 Brendan O'Dea 2.1.7 +- This time, for sure: really fix Protocol-Reject. + +* Fri Sep 16 2005 Brendan O'Dea 2.1.6 +- Any traffic on a tunnel resets lastrec, not just control messages. +- Use a unique identifier for LCP. +- Fix Code-Reject/Protocol-Reject. +- Add l2tp_mtu configuration option, used to define MRU, MSS. +- Adjust TCP MSS options in SYN and SYN,ACK packets to avoid + fragmentation of tcp packets. + +* Sat Sep 3 2005 Brendan O'Dea 2.1.5 +- Avoid Code-Reject loop. +- Increase size of PPP buffers to MAXETHER. +- Bug fixes for CLI ringbuffer and tunnel HELLO from Yuri. +- Restart rather than halt BGP on receipt of CEASE (Dominique Rousseau). +- Add cluster_mcast_ttl option to allow a cluster to span multiple + subnets (suggested by Tim Devries). + +* Mon Aug 29 2005 Brendan O'Dea 2.1.4 +- Drop level of "Unexpected CHAP message" log. +- Fix parsing of ProtocolRej (allow 1 or two byte protocols). +- Handle rejection of MRU negotiation by peer. +- Use local hostname for tunnel in SCCRP (Alex Kiernan). + +* Wed Aug 17 2005 Brendan O'Dea 2.1.3 +- Fail IPCP negotiation only on ConfigRej of IP-Address. + +* Wed Aug 10 2005 Brendan O'Dea 2.1.2 - Clear cluster_master on election so that slaves will accept a new master. - Provide more comments/defaults in etc/startup-config.default. - Add DAE support (PoD/CoA) from Vladislav Bjelic. +- Clean up new warnings from gcc 4.0. +- Replace flags used for LCP/IPCP with state machine. +- Include Acct-Session-Time in interim records. +- Fix DAE vector, generateload (Alex Kiernan). +- Replace RSA MD5 with public domain version. * Tue Jun 14 2005 Brendan O'Dea 2.1.1 - Add missing newline to backtrace macro.