X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=NEWS;h=806f2b79317ae1dbc05f9d34cc69924f8c4985c9;hb=6ec4596557d658f6c15c2cb9a96152c8c476118a;hp=44366cdaea32a8b97dd8506252bb276b62ed77f7;hpb=79e9a4f743b7b59fed968575f6b36171cf4a0063;p=tinc diff --git a/NEWS b/NEWS index 44366cda..806f2b79 100644 --- a/NEWS +++ b/NEWS @@ -1,8 +1,100 @@ -Version 1.1-cvs Work in progress +Version 1.1pre3 October 14 2012 + + * New experimental protocol: + * Uses 521 bit ECDSA keys for authentication. + * Uses AES-256-CTR and HMAC-SHA256. + * Always provides perfect forward secrecy. + * Used for both meta-connections and VPN packets. + * VPN packets are encrypted end-to-end. + + * Many improvements to tincctl: + * "config" command shows/adds/changes configuration variables. + * "export" and "import" commands help exchange configuration files. + * "init" command sets up initial configuration files. + * "info" command shows details about a node, subnet or address. + * "log" command shows live log messages. + * Without a command it acts as a shell, with history and TAB completion. + * Improved starting/stopping tincd. + * Improved graph output. + + * When trying to directly send UDP packets to a node for which multiple + addresses are known, all of them are tried. + + * Many small fixes, code cleanups and documentation updates. + +Version 1.1pre2 July 17 2011 + + * .cookie files are renamed to .pid files, which are compatible with 1.0.x. + + * Experimental protocol enhancements that can be enabled with the option + ExperimentalProtocol = yes: + + * Ephemeral ECDH key exchange will be used for both the meta protocol and + UDP session keys. + * Key exchanges are signed with ECDSA. + * ECDSA public keys are automatically exchanged after RSA authentication if + nodes do not know each other's ECDSA public key yet. + +Version 1.1pre1 June 25 2011 + + * Control interface allows control of a running tinc daemon. Used by: + * tincctl, a commandline utility + * tinc-gui, a preliminary GUI implemented in Python/wxWidgets + + * Code cleanups and reorganization. + + * Repleacable cryptography backend, currently supports OpenSSL and libgcrypt. * Use libevent to handle I/O events and timeouts. - * Use splay trees instead of AVL trees. + * Use splay trees instead of AVL trees to manage internal datastructures. + + Thanks to Scott Lamb and Sven-Haegar Koch for their contributions to this + version of tinc. + +Version 1.0.19 June 25 2012 + + * Allow :: notation in IPv6 Subnets. + + * Add support for systemd style socket activation. + + * Allow environment variables to be used for the Name option. + + * Add basic support for SOCKS proxies, HTTP proxies, and proxying through an + external command. + +Version 1.0.18 March 25 2012 + + * Fixed IPv6 in switch mode by turning off DecrementTTL by default. + + * Allow a port number to be specified in BindToAddress, which also allows tinc + to listen on multiple ports. + + * Add support for multicast communication with UML/QEMU/KVM. + +Version 1.0.17 March 10 2012 + + * The DeviceType option can now be used to select dummy, raw socket, UML and + VDE devices without needing to recompile tinc. + + * Allow multiple BindToAddress statements. + + * Decrement TTL value of IPv4 and IPv6 packets. + + * Add LocalDiscovery option allowing tinc to detect peers that are behind the + same NAT. + + * Accept Subnets passed with the -o option when StrictSubnets = yes. + + * Disabling old RSA keys when generating new ones now also works properly on + Windows. + +Version 1.0.16 July 23 2011 + + * Fixed a performance issue with TCP communication under Windows. + + * Fixed code that, during network outages, would cause tinc to exit when it + thought two nodes with identical Names were on the VPN. Version 1.0.15 June 24 2011 @@ -12,6 +104,8 @@ Version 1.0.15 June 24 2011 * Fixed ProcessPriority option under Windows. + Thanks to Loïc Grenié for his contribution to this version of tinc. + Version 1.0.14 May 8 2011 * Fixed reading configuration files that do not end with a newline. Again.