1 version 1.0pre8 Sep 16 2002
3 * More fixes for subnets with prefixlength undivisible by 8.
5 * Added support for NetBSD and MacOS/X.
7 * Switched from undirected graphs to directed graphs to avoid certain race
8 conditions and improve scalability.
10 * Generalized broadcasting and forwarding of protocol messages.
12 * Cleanup of source code.
15 version 1.0pre7 Apr 7 2002
17 * Don't do blocking read()s when getting a signal.
19 * Remove RSA key checking code, since it sometimes thinks perfectly good RSA
22 * Fix handling of subnets when prefixlength isn't divisible by 8.
25 version 1.0pre6 Mar 27 2002
27 * Improvement of redundant links:
29 * Non-blocking connects.
31 * Protocol broadcast messages can no longer go into an infinite loop.
33 * Graph algorithm updated to look harder for direct connections.
35 * Good support for routing IPv6 packets over the VPN. Works on Linux,
36 FreeBSD, possibly OpenBSD but not on Solaris.
38 * Support for tunnels over IPv6 networks. Works on all supported
41 * Optional compression of UDP connections using zlib.
43 * Optionally let UDP connections inherit TOS field of tunneled packets.
45 * Optionally start scripts when certain hosts become (un)reachable.
48 version 1.0pre5 Feb 9 2002
50 * Security enhancements:
52 * Added sequence number and optional message authentication code to
55 * Configurable encryption cipher and digest algorithms.
57 * More robust handling of dis- and reconnects.
59 * Added a "switch" and a "hub" mode to allow bridging setups.
61 * Preliminary support for routing of IPv6 packets.
63 * Supports Linux, FreeBSD, OpenBSD and Solaris.
66 It looks like this might be the last release before 1.0.
69 version 1.0pre4 Jan 17 2001
71 * Updated documentation; the documentation now reflects the
72 configuration as it is.
74 * Some internal changes to make tinc scale better for large
75 networks, such as using AVL trees instead of linked lists for the
78 * RSA keys can be stored in separate files if needed. See the
79 documentation for more information.
81 * tinc has now been reported to run on Linux PowerPC and FreeBSD x86.
85 version 1.0pre3 Oct 31 2000
87 * The protocol has been redesigned, and although some details are
88 still under discussion, this is secure. Care has been taken to
89 resist most, if not all, attacks.
91 * Unfortunately this protocol is not compatible with earlier versions,
92 nor are earlier versions compatible with this version. Because the
93 older protocol has huge security flaws, we feel that not
94 implementing backwards compatibility is justified.
96 * Some data about the protocol:
98 * It uses public/private RSA keys for authentication (this is the
99 actual fix for the security hole).
101 * All cryptographic functions have been taken out of tinc, instead
102 it uses the OpenSSL library functions.
104 * Offers support for multiple subnets per tinc daemon.
106 * New is also the support for the universal tun/tap device. This
107 means better portability to FreeBSD and Solaris.
109 * tinc is tested to compile on Solaris, Linux x86, Linux alpha.
111 * tinc now uses the OpenSSL library for cryptographic operations.
112 More information on getting and installing OpenSSL is in the manual.
113 This also means that the GMP library is no longer required.
115 * Further, thanks to Enrique Zanardi, we have Spanish messages; Matias
116 Carrasco provided us with a Spanish translation of the manual.
119 What still needs to be done before 1.0:
121 * Documentation. Especially since the protocol has changed, and a lot
122 of configuration directives have been added.
127 version 1.0pre2 May 31 2000
129 * This version has been internationalized; and a Dutch translation has
132 * Two configuration variables have been added:
133 * VpnMask - the IP network mask for the entire VPN, not just our
134 subnet (as given by MyVirtualIP). The Redhat and Debian packages
135 use this variable in their system startup scripts, but it is
137 * Hostnames - if set to `yes', look up the names of IP addresses
138 trying to connect to us. Default set to `no', to prevent lockups
141 * The system startup scripts for Debian and Redhat use
142 /etc/tinc/nets.boot to find out which networks need to be started
145 * Fixes to prevent denial of service attacks by sending random data
146 after connecting (and even when the connection has been established),
147 either random garbage or just nonsensical protocol fields.
149 * tinc will retry to connect upon startup, does not quit if it doesn't
152 * Hosts that are disconnected implicitly if we lose a connection get
153 deleted from the internal list, to prevent hogging eachother with
154 add and delete requests when the connection is restored.
157 What still needs to be done before 1.0:
160 * Failover ConnectTo lines, try another one if the first doesn't work.
165 version 1.0pre1 May 12 2000
167 * Various other bugfixes
168 * Documentation updates
170 version 0.3.3 Feb 9 2000
171 * Fixed bug that made tinc stop working with latest kernels (Guus
175 version 0.3.2 Nov 12 1999
176 * no more `Invalid filedescriptor' when working with multiple
178 * forward unknown packets to uplink
180 version 0.3.1 Oct 20 1999
181 * fixed a bug where tinc would exit without a trace
183 version 0.3 Aug 20 1999
184 * pings now work immediately
185 * all packet sizes get transmitted correctly
187 version 0.2.26 Aug 15 1999
188 * fixed some remaining bugs
189 * --sysconfdir works with configure
190 * last version before 0.3
192 version 0.2.25 Aug 8 1999
193 * improved stability, going towards 0.3 now.
195 version 0.2.24 Aug 7 1999
196 * added key aging, there's a new config variable, KeyExpire.
197 * updated man and info pages
199 version 0.2.23 Aug 5 1999
200 * all known bugs fixed, this is a candidate for 0.3
202 version 0.2.22 Apr 11 1999
203 * multiconnection thing is now working nearly perfect :)
205 version 0.2.21 Apr 10 1999
206 * You shouldn't notice a thing, but a lot has changed wrt key
207 management - except that it refuses to talk to versions < 0.2.20
211 version 0.2.19 Apr 3 1999
212 * don't install a libcipher.so
214 version 0.2.18 Apr 3 1999
215 * blowfish library dynamically loaded upon execution
216 * included Eric Young's IDEA library
218 version 0.2.17 Apr 1 1999
219 * tincd now re-executes itself in case of a segmentation fault.
221 version 0.2.16 Apr 1 1999
222 * wrote tincd.conf(5) man page, which still needs a lot of work.
223 * config file now accepts and tolerates spaces, and any integer base
224 for integer variables, and better error reporting. See
225 doc/tincd.conf.sample for an example.
227 version 0.2.15 Mar 29 1999
230 version 0.2.14 Feb 10 1999
231 * added --timeout flag and PingTimeout configuration
232 * did some first syslog cleanup work
234 version 0.2.13 Jan 23 1999
237 version 0.2.12 Jan 23 1999
238 * fixed nauseating bug so that it would crash whenever a connection
241 version 0.2.11 Jan 22 1999
242 * framework for multiple connections has been done
243 * simple manpage for tincd
245 version 0.2.10 Jan 18 1999
246 * passphrase support added
248 version 0.2.9 Jan 13 1999
251 version 0.2.8 Jan 11 1999
252 * a reworked protocol version
254 * more reliable networking code
255 * automatic reconnection
256 * still does not work with more than one connection :)
257 * strips MAC addresses before sending, so there's less overhead, and
260 version 0.2.7 Jan 3 1999
261 * several updates to make extending more easy.
263 version 0.2.6 Dec 20 1998
264 * Point-to-Point connections have been established, including
265 blowfish encryption and a secret key-exchange.
267 version 0.2.5 Dec 16 1998
268 * Project renamed to tinc, in honour of TINC.
270 version 0.2.4 Dec 16 1998
271 * now it really does ;)
273 version 0.2.3 Nov 24 1998
274 * it sort of works now
276 version 0.2.2 Nov 20 1998
279 version 0.2.1 Nov 14 1998