- Fix NAT-T problems that prevented multiple peers behind the same NAT
to talk to the same machine outside the NAT. This also require kernel
fixes (already committed eralier)
- Fix a LP64 bug
- Fix NAT-T RFC conformance bugs (missing non ESP marker in packets)
- Add a -p option to setkey to display ports that could be used for ESP
over UDP when printing policies
2005-03-16 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{cftoken.l|localconf.h|privsep.c|racoon.conf.5}
src/racoon/remoteconf.c: When running in privsep mode, check that
private key and script paths match those given in the path section.
2005-03-15 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{isakmp_cfg|isakmp_cfg.h|isakmp_xauth.c}: initialize
RADIUS accounting at startup
* src/racoon/privsep.c: fix minor bug in PAM cleanup
* src/racoon/isakmp_cfg.c: only call cleanup_pam if PAM is used
2005-03-14 Emmanuel Dreyfus <manu@netbsd.org>
* configure.ac: handle correctly dynamic libradius
* src/racoon/cfparse.y: correctly initialize address pool
2005-03-16 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{cftoken.l|localconf.h|privsep.c|racoon.conf.5}
src/racoon/remoteconf.c: When running in privsep mode, check that
private key and script paths match those given in the path section.
2005-03-15 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{isakmp_cfg|isakmp_cfg.h|isakmp_xauth.c}: initialize
RADIUS accounting at startup
* src/racoon/privsep.c: fix minor bug in PAM cleanup
* src/racoon/isakmp_cfg.c: only call cleanup_pam if PAM is used
2005-03-14 Emmanuel Dreyfus <manu@netbsd.org>
* configure.ac: handle correctly dynamic libradius
* src/racoon/cfparse.y: correctly initialize address pool
2005-03-16 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{cftoken.l|localconf.h|privsep.c|racoon.conf.5}
src/racoon/remoteconf.c: When running in privsep mode, check that
private key and script paths match those given in the path section.
2005-03-15 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{isakmp_cfg|isakmp_cfg.h|isakmp_xauth.c}: initialize
RADIUS accounting at startup
* src/racoon/privsep.c: fix minor bug in PAM cleanup
* src/racoon/isakmp_cfg.c: only call cleanup_pam if PAM is used
2005-03-14 Emmanuel Dreyfus <manu@netbsd.org>
* configure.ac: handle correctly dynamic libradius
* src/racoon/cfparse.y: correctly initialize address pool
according to ipsec-tools' ChangeLog:
2005-02-23 Emmanuel Dreyfus <manu@netbsd.org>
* configure.ac, src/racoon/{Makefile.am|crypto_openssl.c}: optionnal
support for patented algorithms: IDEA and RC5.
* src/racoon/{isakmp_xauth.c|main.c}: don't initialize RADIUS if it
is not required in the configuration
* src/racoon/isakmp.c: do not reject addresses for which kernel
refused UDP encapsulation, they can still be used for non NAT-T
traffic (eg: NAT-T enabled racoon on non NAT-T enabled kernel)
2005-02-18 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{main.c|eaytest.c|plairsa-gen.c}
src/setkey/setkey.c: don't use fuzzy paths for package_version.h
2005-02-18 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/isakmp_inf.c: Purge generated SPDs when getting a
related DELETE_SA
* src/racoon/pfkey.c: do NOT unbindph12() when SA acquire
2005-02-17 Emmanuel Dreyfus <manu@netbsd.org>
From Fred Senault <fred.letter@lacave.net>
* src/racoon/remoteconf.c: Fix a bug in script init
2005-02-17 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/ipsec_doi.c: Workaround for phase1 lifetime checks
2005-02-15 Michal Ludvig <michal@logix.cz>
* configure.ac: Changed --enable-natt_NN to --enable-natt-versions=NN,NN
