X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=NEWS;h=7062c002978e8a10667e78b5901ecccb0379edbe;hp=290f59fd22f52bc79291a5ec4bc4173ed4df9266;hb=cebcf78b9a24f70902009bea23514e55d84b096a;hpb=1243156a5e03a666b36bc4400f1402243a85c9a7 diff --git a/NEWS b/NEWS index 290f59fd..7062c002 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,91 @@ -version 0.3.4 Feb 19 2000 - * The fix that was in 0.3.3 appeared to be wrong. Fixed now. +version 1.0pre4 UNRELEASED + + + +version 1.0pre3 Oct 31 2000 + +* The protocol has been redesigned, and although some details are + still under discussion, this is secure. Care has been taken to + resist most, if not all, attacks. + +* Unfortunately this protocol is not compatible with earlier versions, + nor are earlier versions compatible with this version. Because the + older protocol has huge security flaws, we feel that not + implementing backwards compatibility is justified. + +* Some data about the protocol: + + * It uses public/private RSA keys for authentication (this is the + actual fix for the security hole). + + * All cryptographic functions have been taken out of tinc, instead + it uses the OpenSSL library functions. + + * Offers support for multiple subnets per tinc daemon. + +* New is also the support for the universal tun/tap device. This + means better portability to FreeBSD and Solaris. + +* tinc is tested to compile on Solaris, Linux x86, Linux alpha. + +* tinc now uses the OpenSSL library for cryptographic operations. + More information on getting and installing OpenSSL is in the manual. + This also means that the GMP library is no longer required. + +* Further, thanks to Enrique Zanardi, we have Spanish messages; Matias + Carrasco provided us with a Spanish translation of the manual. + + +What still needs to be done before 1.0: + +* Documentation. Especially since the protocol has changed, and a lot + of configuration directives have been added. + + + + +version 1.0pre2 May 31 2000 + +* This version has been internationalized; and a Dutch translation has + been included. + +* Two configuration variables have been added: + * VpnMask - the IP network mask for the entire VPN, not just our + subnet (as given by MyVirtualIP). The Redhat and Debian packages + use this variable in their system startup scripts, but it is + ignored by tinc. + * Hostnames - if set to `yes', look up the names of IP addresses + trying to connect to us. Default set to `no', to prevent lockups + during lookups. + +* The system startup scripts for Debian and Redhat use + /etc/tinc/nets.boot to find out which networks need to be started + during system boot. + +* Fixes to prevent denial of service attacks by sending random data + after connecting (and even when the connection has been established), + either random garbage or just nonsensical protocol fields. + +* tinc will retry to connect upon startup, does not quit if it doesn't + work the first time. + +* Hosts that are disconnected implicitly if we lose a connection get + deleted from the internal list, to prevent hogging eachother with + add and delete requests when the connection is restored. + + +What still needs to be done before 1.0: + +* Documentation. +* Failover ConnectTo lines, try another one if the first doesn't work. + + + + +version 1.0pre1 May 12 2000 + * New meta-protocol + * Various other bugfixes + * Documentation updates version 0.3.3 Feb 9 2000 * Fixed bug that made tinc stop working with latest kernels (Guus