Changes since 0.6.3:
0.6.6
* src/racoon/isakmp_xauth.c: Build fix
* src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT
encapsulation in pk_sendgetspi().
* src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT
encapsulation in pk_sendupdate().
* src/racoon/isakmp_xauth.c: fix memory leak
* src/racoon/{cfparse.y|handler.h}: typos
0.6.5
* src/racoon/isakmp.c: Fixed zombie PH1 handler when isakmp_send()
fails in isakmp_ph1resend()
* src/racoon/{cfparse.y|ipsec_doi.c}: Temporary fix for /32
subnets parsing.
* src/racoon/isakmp_cfg.c: make software behave as the documentation
advertises for INTERNAL_NETMASK4. Keep the old INTERNAL_MASK4 to
avoid breaking backward compatibility.
* src/racoon/session.c: Fixed / cleaned up signal handling.
0.6.4
* configure.ac src/racoon/plog.c: backported Fred's workaround for
%zu problems on (at least) FreeBSD4.
* src/racoon/session.c: backport: fix possible race conditions in
signal handlers (see session.c 1.17).
* src/libipsec/pfkey_dump.c: fixed compilation when NAT_T
disabled (Fred has still some CVS problems).
* src/libipsec/{libpfkey.h|pfkey_dump.c}: add a sadump_withports
function to display SAD entries with their associated ports.
* src/setkey/{parse.y|setkey.c|setkey.8}: allow use of the setkey -p flag
in conjunction with -D to show SADs with the port; allow both get and
delete commands to use bracketed ports if needed.
* src/racoon/racoon.conf.5: Style changes
- src/racoon/dnssec.c: fix bogus test on function result
- src/racoon/isakmp.c: Improved in/out SA addresses check in
purge_remote()
- src/libipsec/{key_debug.c|pfkey.c|pfkey_dump.c}: de-lint, warnings
- src/racoon/privsep.c: Fixed a %d -> %zu in port_check()
Changes since version 0.6b2:
- NAT-T fixes for situations where NAT-T is not used
- OpenSSL 0.9.8 support
- keys are not restricted to OpenSSL default size anymore
- PKCS7 support
- SHA2 support
* No need to use LIBTOOL_OVERRIDE.
* Remove unneeded ${EXAMPLESDIR} (??!!) after bl3.mk includes
* Remove unneeded BUILD_DEPEND, because this pkg uses bl3
Still libradius is broken...
establish IPsec security association with other hosts.
This is based on KAME racoon, with some enhancements such as
NAT-Traversal (needs a kernel patch), hybrid authentication,
ISAKMP mode config, RADIUS support, IKE fragmentation and others.
Ipsec-tools' racoon is able to act as a VPN server for the
Cisco VPN client using hybrid authentication.