1 version 1.0pre4 UNRELEASED
5 version 1.0pre3 Oct 31 2000
7 * The protocol has been redesigned, and although some details are
8 still under discussion, this is secure. Care has been taken to
9 resist most, if not all, attacks.
11 * Unfortunately this protocol is not compatible with earlier versions,
12 nor are earlier versions compatible with this version. Because the
13 older protocol has huge security flaws, we feel that not
14 implementing backwards compatibility is justified.
16 * Some data about the protocol:
18 * It uses public/private RSA keys for authentication (this is the
19 actual fix for the security hole).
21 * All cryptographic functions have been taken out of tinc, instead
22 it uses the OpenSSL library functions.
24 * Offers support for multiple subnets per tinc daemon.
26 * New is also the support for the universal tun/tap device. This
27 means better portability to FreeBSD and Solaris.
29 * tinc is tested to compile on Solaris, Linux x86, Linux alpha.
31 * tinc now uses the OpenSSL library for cryptographic operations.
32 More information on getting and installing OpenSSL is in the manual.
33 This also means that the GMP library is no longer required.
35 * Further, thanks to Enrique Zanardi, we have Spanish messages; Matias
36 Carrasco provided us with a Spanish translation of the manual.
39 What still needs to be done before 1.0:
41 * Documentation. Especially since the protocol has changed, and a lot
42 of configuration directives have been added.
47 version 1.0pre2 May 31 2000
49 * This version has been internationalized; and a Dutch translation has
52 * Two configuration variables have been added:
53 * VpnMask - the IP network mask for the entire VPN, not just our
54 subnet (as given by MyVirtualIP). The Redhat and Debian packages
55 use this variable in their system startup scripts, but it is
57 * Hostnames - if set to `yes', look up the names of IP addresses
58 trying to connect to us. Default set to `no', to prevent lockups
61 * The system startup scripts for Debian and Redhat use
62 /etc/tinc/nets.boot to find out which networks need to be started
65 * Fixes to prevent denial of service attacks by sending random data
66 after connecting (and even when the connection has been established),
67 either random garbage or just nonsensical protocol fields.
69 * tinc will retry to connect upon startup, does not quit if it doesn't
72 * Hosts that are disconnected implicitly if we lose a connection get
73 deleted from the internal list, to prevent hogging eachother with
74 add and delete requests when the connection is restored.
77 What still needs to be done before 1.0:
80 * Failover ConnectTo lines, try another one if the first doesn't work.
85 version 1.0pre1 May 12 2000
87 * Various other bugfixes
88 * Documentation updates
90 version 0.3.3 Feb 9 2000
91 * Fixed bug that made tinc stop working with latest kernels (Guus
95 version 0.3.2 Nov 12 1999
96 * no more `Invalid filedescriptor' when working with multiple
98 * forward unknown packets to uplink
100 version 0.3.1 Oct 20 1999
101 * fixed a bug where tinc would exit without a trace
103 version 0.3 Aug 20 1999
104 * pings now work immediately
105 * all packet sizes get transmitted correctly
107 version 0.2.26 Aug 15 1999
108 * fixed some remaining bugs
109 * --sysconfdir works with configure
110 * last version before 0.3
112 version 0.2.25 Aug 8 1999
113 * improved stability, going towards 0.3 now.
115 version 0.2.24 Aug 7 1999
116 * added key aging, there's a new config variable, KeyExpire.
117 * updated man and info pages
119 version 0.2.23 Aug 5 1999
120 * all known bugs fixed, this is a candidate for 0.3
122 version 0.2.22 Apr 11 1999
123 * multiconnection thing is now working nearly perfect :)
125 version 0.2.21 Apr 10 1999
126 * You shouldn't notice a thing, but a lot has changed wrt key
127 management - except that it refuses to talk to versions < 0.2.20
131 version 0.2.19 Apr 3 1999
132 * don't install a libcipher.so
134 version 0.2.18 Apr 3 1999
135 * blowfish library dynamically loaded upon execution
136 * included Eric Young's IDEA library
138 version 0.2.17 Apr 1 1999
139 * tincd now re-executes itself in case of a segmentation fault.
141 version 0.2.16 Apr 1 1999
142 * wrote tincd.conf(5) man page, which still needs a lot of work.
143 * config file now accepts and tolerates spaces, and any integer base
144 for integer variables, and better error reporting. See
145 doc/tincd.conf.sample for an example.
147 version 0.2.15 Mar 29 1999
150 version 0.2.14 Feb 10 1999
151 * added --timeout flag and PingTimeout configuration
152 * did some first syslog cleanup work
154 version 0.2.13 Jan 23 1999
157 version 0.2.12 Jan 23 1999
158 * fixed nauseating bug so that it would crash whenever a connection
161 version 0.2.11 Jan 22 1999
162 * framework for multiple connections has been done
163 * simple manpage for tincd
165 version 0.2.10 Jan 18 1999
166 * passphrase support added
168 version 0.2.9 Jan 13 1999
171 version 0.2.8 Jan 11 1999
172 * a reworked protocol version
174 * more reliable networking code
175 * automatic reconnection
176 * still does not work with more than one connection :)
177 * strips MAC addresses before sending, so there's less overhead, and
180 version 0.2.7 Jan 3 1999
181 * several updates to make extending more easy.
183 version 0.2.6 Dec 20 1998
184 * Point-to-Point connections have been established, including
185 blowfish encryption and a secret key-exchange.
187 version 0.2.5 Dec 16 1998
188 * Project renamed to tinc, in honour of TINC.
190 version 0.2.4 Dec 16 1998
191 * now it really does ;)
193 version 0.2.3 Nov 24 1998
194 * it sort of works now
196 version 0.2.2 Nov 20 1998
199 version 0.2.1 Nov 14 1998