1 version 1.0.3 Nov 11 2004
3 * Show error message when failing to write a PID file.
5 * Ignore spaces at end of lines in config files.
7 * Fix handling of late packets.
9 * Unify BSD tun/tap device handling. This allows IPv6 on tun devices and
10 anything on tap devices as long as the underlying OS supports it.
12 * Handle IPv6 on Solaris tun devices.
14 * Allow tinc to work properly under Windows XP SP2.
16 * Allow VLAN tagged Ethernet frames in switch and hub mode.
18 * Experimental PMTUDiscovery, TunnelServer and BlockingTCP options.
20 version 1.0.2 Nov 8 2003
22 * Fix address and hostname resolving under Windows.
24 * Remove warnings about non-existing scripts and unsupported address families.
26 * Use the event logger under Windows.
28 * Fix quoting of filenames and command line arguments under Windows.
30 * Strict checks for length incoming network packets and return values of
31 cryptographic functions,
33 * Fix a bug in metadata handling that made the tinc daemon abort.
35 version 1.0.1 Aug 14 2003
37 * Allow empty lines in config files.
39 * Fix handling of spaces and backslashes in filenames under native Windows.
41 * Allow scripts to be executed under native Windows.
43 * Update documentation, make it less Linux specific.
45 version 1.0 Aug 4 2003
47 * Lots of small bugfixes and code cleanups.
49 * Throughput doubled and latency reduced.
51 * Added support for LZO compression.
53 * No need to set MAC address or disable ARP anymore.
55 * Added support for Windows 2000 and XP, both natively and in a Cygwin
58 version 1.0pre8 Sep 16 2002
60 * More fixes for subnets with prefixlength undivisible by 8.
62 * Added support for NetBSD and MacOS/X.
64 * Switched from undirected graphs to directed graphs to avoid certain race
65 conditions and improve scalability.
67 * Generalized broadcasting and forwarding of protocol messages.
69 * Cleanup of source code.
72 version 1.0pre7 Apr 7 2002
74 * Don't do blocking read()s when getting a signal.
76 * Remove RSA key checking code, since it sometimes thinks perfectly good RSA
79 * Fix handling of subnets when prefixlength isn't divisible by 8.
82 version 1.0pre6 Mar 27 2002
84 * Improvement of redundant links:
86 * Non-blocking connects.
88 * Protocol broadcast messages can no longer go into an infinite loop.
90 * Graph algorithm updated to look harder for direct connections.
92 * Good support for routing IPv6 packets over the VPN. Works on Linux,
93 FreeBSD, possibly OpenBSD but not on Solaris.
95 * Support for tunnels over IPv6 networks. Works on all supported
98 * Optional compression of UDP connections using zlib.
100 * Optionally let UDP connections inherit TOS field of tunneled packets.
102 * Optionally start scripts when certain hosts become (un)reachable.
105 version 1.0pre5 Feb 9 2002
107 * Security enhancements:
109 * Added sequence number and optional message authentication code to
112 * Configurable encryption cipher and digest algorithms.
114 * More robust handling of dis- and reconnects.
116 * Added a "switch" and a "hub" mode to allow bridging setups.
118 * Preliminary support for routing of IPv6 packets.
120 * Supports Linux, FreeBSD, OpenBSD and Solaris.
123 It looks like this might be the last release before 1.0.
126 version 1.0pre4 Jan 17 2001
128 * Updated documentation; the documentation now reflects the
129 configuration as it is.
131 * Some internal changes to make tinc scale better for large
132 networks, such as using AVL trees instead of linked lists for the
135 * RSA keys can be stored in separate files if needed. See the
136 documentation for more information.
138 * tinc has now been reported to run on Linux PowerPC and FreeBSD x86.
142 version 1.0pre3 Oct 31 2000
144 * The protocol has been redesigned, and although some details are
145 still under discussion, this is secure. Care has been taken to
146 resist most, if not all, attacks.
148 * Unfortunately this protocol is not compatible with earlier versions,
149 nor are earlier versions compatible with this version. Because the
150 older protocol has huge security flaws, we feel that not
151 implementing backwards compatibility is justified.
153 * Some data about the protocol:
155 * It uses public/private RSA keys for authentication (this is the
156 actual fix for the security hole).
158 * All cryptographic functions have been taken out of tinc, instead
159 it uses the OpenSSL library functions.
161 * Offers support for multiple subnets per tinc daemon.
163 * New is also the support for the universal tun/tap device. This
164 means better portability to FreeBSD and Solaris.
166 * tinc is tested to compile on Solaris, Linux x86, Linux alpha.
168 * tinc now uses the OpenSSL library for cryptographic operations.
169 More information on getting and installing OpenSSL is in the manual.
170 This also means that the GMP library is no longer required.
172 * Further, thanks to Enrique Zanardi, we have Spanish messages; Matias
173 Carrasco provided us with a Spanish translation of the manual.
176 What still needs to be done before 1.0:
178 * Documentation. Especially since the protocol has changed, and a lot
179 of configuration directives have been added.
184 version 1.0pre2 May 31 2000
186 * This version has been internationalized; and a Dutch translation has
189 * Two configuration variables have been added:
190 * VpnMask - the IP network mask for the entire VPN, not just our
191 subnet (as given by MyVirtualIP). The Redhat and Debian packages
192 use this variable in their system startup scripts, but it is
194 * Hostnames - if set to `yes', look up the names of IP addresses
195 trying to connect to us. Default set to `no', to prevent lockups
198 * The system startup scripts for Debian and Redhat use
199 /etc/tinc/nets.boot to find out which networks need to be started
202 * Fixes to prevent denial of service attacks by sending random data
203 after connecting (and even when the connection has been established),
204 either random garbage or just nonsensical protocol fields.
206 * tinc will retry to connect upon startup, does not quit if it doesn't
209 * Hosts that are disconnected implicitly if we lose a connection get
210 deleted from the internal list, to prevent hogging eachother with
211 add and delete requests when the connection is restored.
214 What still needs to be done before 1.0:
217 * Failover ConnectTo lines, try another one if the first doesn't work.
222 version 1.0pre1 May 12 2000
224 * Various other bugfixes
225 * Documentation updates
227 version 0.3.3 Feb 9 2000
228 * Fixed bug that made tinc stop working with latest kernels (Guus
232 version 0.3.2 Nov 12 1999
233 * no more `Invalid filedescriptor' when working with multiple
235 * forward unknown packets to uplink
237 version 0.3.1 Oct 20 1999
238 * fixed a bug where tinc would exit without a trace
240 version 0.3 Aug 20 1999
241 * pings now work immediately
242 * all packet sizes get transmitted correctly
244 version 0.2.26 Aug 15 1999
245 * fixed some remaining bugs
246 * --sysconfdir works with configure
247 * last version before 0.3
249 version 0.2.25 Aug 8 1999
250 * improved stability, going towards 0.3 now.
252 version 0.2.24 Aug 7 1999
253 * added key aging, there's a new config variable, KeyExpire.
254 * updated man and info pages
256 version 0.2.23 Aug 5 1999
257 * all known bugs fixed, this is a candidate for 0.3
259 version 0.2.22 Apr 11 1999
260 * multiconnection thing is now working nearly perfect :)
262 version 0.2.21 Apr 10 1999
263 * You shouldn't notice a thing, but a lot has changed wrt key
264 management - except that it refuses to talk to versions < 0.2.20
268 version 0.2.19 Apr 3 1999
269 * don't install a libcipher.so
271 version 0.2.18 Apr 3 1999
272 * blowfish library dynamically loaded upon execution
273 * included Eric Young's IDEA library
275 version 0.2.17 Apr 1 1999
276 * tincd now re-executes itself in case of a segmentation fault.
278 version 0.2.16 Apr 1 1999
279 * wrote tincd.conf(5) man page, which still needs a lot of work.
280 * config file now accepts and tolerates spaces, and any integer base
281 for integer variables, and better error reporting. See
282 doc/tincd.conf.sample for an example.
284 version 0.2.15 Mar 29 1999
287 version 0.2.14 Feb 10 1999
288 * added --timeout flag and PingTimeout configuration
289 * did some first syslog cleanup work
291 version 0.2.13 Jan 23 1999
294 version 0.2.12 Jan 23 1999
295 * fixed nauseating bug so that it would crash whenever a connection
298 version 0.2.11 Jan 22 1999
299 * framework for multiple connections has been done
300 * simple manpage for tincd
302 version 0.2.10 Jan 18 1999
303 * passphrase support added
305 version 0.2.9 Jan 13 1999
308 version 0.2.8 Jan 11 1999
309 * a reworked protocol version
311 * more reliable networking code
312 * automatic reconnection
313 * still does not work with more than one connection :)
314 * strips MAC addresses before sending, so there's less overhead, and
317 version 0.2.7 Jan 3 1999
318 * several updates to make extending more easy.
320 version 0.2.6 Dec 20 1998
321 * Point-to-Point connections have been established, including
322 blowfish encryption and a secret key-exchange.
324 version 0.2.5 Dec 16 1998
325 * Project renamed to tinc, in honour of TINC.
327 version 0.2.4 Dec 16 1998
328 * now it really does ;)
330 version 0.2.3 Nov 24 1998
331 * it sort of works now
333 version 0.2.2 Nov 20 1998
336 version 0.2.1 Nov 14 1998