1 version 1.0pre3 Oct 31 2000
3 * The protocol has been redesigned, and although some details are
4 still under discussion, this is secure. Care has been taken to
5 resist most, if not all, attacks.
7 * Unfortunately this protocol is not compatible with earlier versions,
8 nor are earlier versions compatible with this version. Because the
9 older protocol has huge security flaws, we feel that not
10 implementing backwards compatibility is justified.
12 * Some data about the protocol:
14 * It uses public/private RSA keys for authentication (this is the
15 actual fix for the security hole).
17 * All cryptographic functions have been taken out of tinc, instead
18 it uses the OpenSSL library functions.
20 * Offers support for multiple subnets per tinc daemon.
22 * New is also the support for the universal tun/tap device. This
23 means better portability to FreeBSD and Solaris.
25 * tinc is tested to compile on Solaris, Linux x86, Linux alpha.
27 * tinc now uses the OpenSSL library for cryptographic operations.
28 More information on getting and installing OpenSSL is in the manual.
29 This also means that the GMP library is no longer required.
31 * Further, thanks to Enrique Zanardi, we have Spanish messages; Matias
32 Carrasco provided us with a Spanish translation of the manual.
35 What still needs to be done before 1.0:
37 * Documentation. Especially since the protocol has changed, and a lot
38 of configuration directives have been added.
43 version 1.0pre2 May 31 2000
45 * This version has been internationalized; and a Dutch translation has
48 * Two configuration variables have been added:
49 * VpnMask - the IP network mask for the entire VPN, not just our
50 subnet (as given by MyVirtualIP). The Redhat and Debian packages
51 use this variable in their system startup scripts, but it is
53 * Hostnames - if set to `yes', look up the names of IP addresses
54 trying to connect to us. Default set to `no', to prevent lockups
57 * The system startup scripts for Debian and Redhat use
58 /etc/tinc/nets.boot to find out which networks need to be started
61 * Fixes to prevent denial of service attacks by sending random data
62 after connecting (and even when the connection has been established),
63 either random garbage or just nonsensical protocol fields.
65 * tinc will retry to connect upon startup, does not quit if it doesn't
68 * Hosts that are disconnected implicitly if we lose a connection get
69 deleted from the internal list, to prevent hogging eachother with
70 add and delete requests when the connection is restored.
73 What still needs to be done before 1.0:
76 * Failover ConnectTo lines, try another one if the first doesn't work.
81 version 1.0pre1 May 12 2000
83 * Various other bugfixes
84 * Documentation updates
86 version 0.3.3 Feb 9 2000
87 * Fixed bug that made tinc stop working with latest kernels (Guus
91 version 0.3.2 Nov 12 1999
92 * no more `Invalid filedescriptor' when working with multiple
94 * forward unknown packets to uplink
96 version 0.3.1 Oct 20 1999
97 * fixed a bug where tinc would exit without a trace
99 version 0.3 Aug 20 1999
100 * pings now work immediately
101 * all packet sizes get transmitted correctly
103 version 0.2.26 Aug 15 1999
104 * fixed some remaining bugs
105 * --sysconfdir works with configure
106 * last version before 0.3
108 version 0.2.25 Aug 8 1999
109 * improved stability, going towards 0.3 now.
111 version 0.2.24 Aug 7 1999
112 * added key aging, there's a new config variable, KeyExpire.
113 * updated man and info pages
115 version 0.2.23 Aug 5 1999
116 * all known bugs fixed, this is a candidate for 0.3
118 version 0.2.22 Apr 11 1999
119 * multiconnection thing is now working nearly perfect :)
121 version 0.2.21 Apr 10 1999
122 * You shouldn't notice a thing, but a lot has changed wrt key
123 management - except that it refuses to talk to versions < 0.2.20
127 version 0.2.19 Apr 3 1999
128 * don't install a libcipher.so
130 version 0.2.18 Apr 3 1999
131 * blowfish library dynamically loaded upon execution
132 * included Eric Young's IDEA library
134 version 0.2.17 Apr 1 1999
135 * tincd now re-executes itself in case of a segmentation fault.
137 version 0.2.16 Apr 1 1999
138 * wrote tincd.conf(5) man page, which still needs a lot of work.
139 * config file now accepts and tolerates spaces, and any integer base
140 for integer variables, and better error reporting. See
141 doc/tincd.conf.sample for an example.
143 version 0.2.15 Mar 29 1999
146 version 0.2.14 Feb 10 1999
147 * added --timeout flag and PingTimeout configuration
148 * did some first syslog cleanup work
150 version 0.2.13 Jan 23 1999
153 version 0.2.12 Jan 23 1999
154 * fixed nauseating bug so that it would crash whenever a connection
157 version 0.2.11 Jan 22 1999
158 * framework for multiple connections has been done
159 * simple manpage for tincd
161 version 0.2.10 Jan 18 1999
162 * passphrase support added
164 version 0.2.9 Jan 13 1999
167 version 0.2.8 Jan 11 1999
168 * a reworked protocol version
170 * more reliable networking code
171 * automatic reconnection
172 * still does not work with more than one connection :)
173 * strips MAC addresses before sending, so there's less overhead, and
176 version 0.2.7 Jan 3 1999
177 * several updates to make extending more easy.
179 version 0.2.6 Dec 20 1998
180 * Point-to-Point connections have been established, including
181 blowfish encryption and a secret key-exchange.
183 version 0.2.5 Dec 16 1998
184 * Project renamed to tinc, in honour of TINC.
186 version 0.2.4 Dec 16 1998
187 * now it really does ;)
189 version 0.2.3 Nov 24 1998
190 * it sort of works now
192 version 0.2.2 Nov 20 1998
195 version 0.2.1 Nov 14 1998