1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-12-30 20:10:34 +03:00
SoftEtherVPN/ChangeLog

373 lines
34 KiB
Plaintext
Raw Normal View History

SoftEther VPN 5.1 (February 14, 2018)
Use the new agreed versioning pattern, where we use 5.x for the unstable version and slowely drop the incremental number
Add the Alternative subject name field on the new X.509 certificate creation. PR #421
Fix a bug in the Win32EnumDirExW() function. PR #420
remove unused functions (identified by cppcheck). PR #440
Allow specifying cipher suites instead of single ciphers. PR #343
Add parameter "ListenIP" to server configuration (vpn_server.config). PR #202
cppcheck findings. PR #275
Add DhParamBits configuration to set Diffie-Hellman parameters. PR #129
Correct Spelling (#458) * spelling: accepts * spelling: account * spelling: accept * spelling: accumulate * spelling: adapter * spelling: address * spelling: additional * spelling: aggressive * spelling: adhered * spelling: allowed * spelling: ambiguous * spelling: amount * spelling: anonymous * spelling: acquisition * spelling: assemble * spelling: associated * spelling: assigns * spelling: attach * spelling: attempt * spelling: attribute * spelling: authenticate * spelling: authentication * spelling: available * spelling: bridging * spelling: cascade * spelling: cancel * spelling: check * spelling: challenge * spelling: changing * spelling: characters * spelling: cloud * spelling: compare * spelling: communication * spelling: compatible * spelling: compatibility * spelling: completion * spelling: complete * spelling: computers * spelling: configure * spelling: configuration * spelling: conformant * spelling: connection * spelling: contains * spelling: continuously * spelling: continue * spelling: convert * spelling: counters * spelling: create * spelling: created * spelling: cumulate * spelling: currently * spelling: debugging * spelling: decryption * spelling: description * spelling: default * spelling: driver * spelling: delete * spelling: destination * spelling: disabled * spelling: different * spelling: dynamically * spelling: directory * spelling: disappeared * spelling: disable * spelling: doesn't * spelling: download * spelling: dropped * spelling: enable * spelling: established * spelling: ether * spelling: except * spelling: expired * spelling: field * spelling: following * spelling: forever * spelling: firewall * spelling: first * spelling: fragment * spelling: function * spelling: gateway * spelling: identifier * spelling: identify * spelling: incoming * spelling: information * spelling: initialize * spelling: injection * spelling: inner * spelling: instead * spelling: installation * spelling: inserted * spelling: integer * spelling: interrupt * spelling: intuitive * spelling: interval * spelling: january * spelling: keybytes * spelling: know * spelling: language * spelling: length * spelling: library * spelling: listener * spelling: maintain * spelling: modified * spelling: necessary * spelling: number * spelling: obsoleted * spelling: occurred * spelling: occurring * spelling: occur * spelling: original * spelling: omittable * spelling: omit * spelling: opening * spelling: operation * spelling: packet * spelling: parameters * spelling: pointed * spelling: popupmenuopen * spelling: privilege * spelling: product * spelling: protection * spelling: promiscuous * spelling: prompt * spelling: query * spelling: random * spelling: reconnection * spelling: revocation * spelling: received * spelling: red hat * spelling: registry * spelling: release * spelling: retrieve
2018-05-17 00:47:10 +03:00
Fix log msg for IKE with aggressive exchange mode. PR #425
Fixes 11 vulnerabilities found by Max Planck Institute for Molecular Genetics and Mr. Guido Vranken. PR #419
Fixed the bug which occurs the L2TP/IPsec connection error with Android Oreo, etc. PR #405
build documentation refactoring. PR #395
initial travis-ci support feature. PR #348
Reformat README. Add compile requirements. PR #379
Fix: vpncmd thinks that "hamcore.se2" is missing or broken. PR #339
fix aarch64 build. PR #281
Initial Commit of gitignore. PR #380
2017-10-19 05:48:23 +03:00
SoftEther VPN 4.23 Build 9647 Beta (October 18, 2017)
Upgraded OpenSSL to 1.0.2l.
Source code is now compatible with OpenSSL 1.1.x. Supports DHE-RSA-CHACHA 20-POLY 1305 and ECDHE-RSA-CHACHA 20-POLY 1305, which are new encryption methods of TLS 1.2. (In order to use this new function, you need to recompile yourself using OpenSSL 1.1.x.)
TrafficServer / TrafficClient function (The traffic throughput measurement function) is now multithreaded and compatible with about 10 Gbps using NIC with the RSS feature.
Changed the default algorithm for SSL from RC4-MD5 to AES128-SHA.
Correct Spelling (#458) * spelling: accepts * spelling: account * spelling: accept * spelling: accumulate * spelling: adapter * spelling: address * spelling: additional * spelling: aggressive * spelling: adhered * spelling: allowed * spelling: ambiguous * spelling: amount * spelling: anonymous * spelling: acquisition * spelling: assemble * spelling: associated * spelling: assigns * spelling: attach * spelling: attempt * spelling: attribute * spelling: authenticate * spelling: authentication * spelling: available * spelling: bridging * spelling: cascade * spelling: cancel * spelling: check * spelling: challenge * spelling: changing * spelling: characters * spelling: cloud * spelling: compare * spelling: communication * spelling: compatible * spelling: compatibility * spelling: completion * spelling: complete * spelling: computers * spelling: configure * spelling: configuration * spelling: conformant * spelling: connection * spelling: contains * spelling: continuously * spelling: continue * spelling: convert * spelling: counters * spelling: create * spelling: created * spelling: cumulate * spelling: currently * spelling: debugging * spelling: decryption * spelling: description * spelling: default * spelling: driver * spelling: delete * spelling: destination * spelling: disabled * spelling: different * spelling: dynamically * spelling: directory * spelling: disappeared * spelling: disable * spelling: doesn't * spelling: download * spelling: dropped * spelling: enable * spelling: established * spelling: ether * spelling: except * spelling: expired * spelling: field * spelling: following * spelling: forever * spelling: firewall * spelling: first * spelling: fragment * spelling: function * spelling: gateway * spelling: identifier * spelling: identify * spelling: incoming * spelling: information * spelling: initialize * spelling: injection * spelling: inner * spelling: instead * spelling: installation * spelling: inserted * spelling: integer * spelling: interrupt * spelling: intuitive * spelling: interval * spelling: january * spelling: keybytes * spelling: know * spelling: language * spelling: length * spelling: library * spelling: listener * spelling: maintain * spelling: modified * spelling: necessary * spelling: number * spelling: obsoleted * spelling: occurred * spelling: occurring * spelling: occur * spelling: original * spelling: omittable * spelling: omit * spelling: opening * spelling: operation * spelling: packet * spelling: parameters * spelling: pointed * spelling: popupmenuopen * spelling: privilege * spelling: product * spelling: protection * spelling: promiscuous * spelling: prompt * spelling: query * spelling: random * spelling: reconnection * spelling: revocation * spelling: received * spelling: red hat * spelling: registry * spelling: release * spelling: retrieve
2018-05-17 00:47:10 +03:00
Fixed a bug that occur wrong checksum recalculation in special case of the TCP-MSS clamp processing.
2017-10-19 05:48:23 +03:00
Fixed the calculation interval of update interval of DHCP client packet issued by kernel mode virtual NAT function of SecureNAT function.
Driver upgrade and DLL name change with Crypto ID support of USB security token.
Fixed a problem that CPU sleep processing was not performed when the wait time of the Select () function was INFINITE on Mac OS X.
Added the StrictSyslogDatetimeFormat flag onto the ServerConfiguration section on the VPN Server configuration file, which sets Syslog date format to RFC3164.
Fixed wrong English in the UI.
Using client parameter in function CtConnect
Remove blank line at the start from init file (Debian)
Stop Radius Delay from counting to next_resend
Add DH groups 2048,3072,4096 to IPSec_IKE
Add HMAC SHA2-256, HMAC SHA2-384, HMAC SHA2-512 support
Openvpn extend ciphers
Fixed RSA key bits wrong calculation for certain x509 certificate
Added support for RuToken USB key PKCS#11
OpenSSL 1.1 Port
2014-01-07 00:40:52 +04:00
2017-10-19 05:48:23 +03:00
SoftEther VPN 4.22 Build 9634 Beta (November 27, 2016)
Added the support for TLS 1.2. Added TLS 1.2-based cipher sets: AES128-GCM-SHA256, AES128-SHA256, AES256-GCM-SHA384, AES256-SHA256, DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES128-SHA256, DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES256-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-GCM-SHA384 and ECDHE-RSA-AES256-SHA384.
Added the function to allow to configure specific TLS versions to accept / deny. In the VPN Server configuration file you can set Tls_Disable1_0, Tls_Disable1_1 and Tls_Disable1_2 flags to true to disable these TLS versions individually.
Added the support for TLS 1.2 on the OpenVPN protocol.
Updated the version of OpenSSL to 1.0.2j.
Added the support for Windows Server 2016.
Fixed the 2038-year problem.
Added the support for recording HTTPS destination hostnames, using SNI attributes, on the packet logging function.
Added the function to append the name of Virtual Hub into the "Called-Station-ID (30)" attribute value in the RADIUS authentication request packet.
Improved the behavior of Virtual Layer-3 switches. The interval of ARP request is set to 1 second.
Fixed the problem of the slow startup of VPN Server in Windows 10.
Added the support for 4096 bits RSA authentication with smart cards.
Added the support for the CryptoID USB token.
Fixed the UI string resource in English.
Fix that ParseTcpOption doesn't work correctly
Add LSB header
Support Debian package build on aarch64 architecture
Support Debian package build on ARMv7l architecture
cppcheck issues
Default to TLS connections only
Allow specific SSL/TLS versions to be disabled
Adding Radius AVP Called-Station-Id
Fixed typo
Update CentOS makefiles and spec file
Systemd service configuration files for SoftEther
Fix set initialization, set.OnlyCapsuleModeIsInvalid could be garbage
Fixed OSX CPU utilization by replacing broken kevent () with select ()
Add the possibility to send the Virtual Hub Name to an external DHCP server
Added armv5tel for debian/rules and made pushed routes work correct with OpenVPN
fix LogFileGet won't save to SAVEPATH
Fix for Debian Package
Try to autodetect OS and CPU instead of requiring user input
Support For Radius Realm
2014-01-07 00:40:52 +04:00
2017-10-19 05:48:23 +03:00
SoftEther VPN 4.21 Build 9613 Beta (April 24, 2016)
Added SoftEther VPN Server Manager for Mac OS X.
Now you can manage your SoftEther VPN Server, running remotely, from your Mac in local.
2014-01-07 00:40:52 +04:00
2017-10-19 05:48:23 +03:00
SoftEther VPN 4.20 Build 9608 RTM (April 18, 2016)
All cumulative updates below are included.
Fixed a minor English typo.
2014-01-07 00:40:52 +04:00
2017-10-19 05:48:23 +03:00
SoftEther VPN 4.19 Build 9605 Beta (March 3, 2016)
The version of OpenSSL is updated to 1.0.2g to fix the vulnerability which was published in March 2016. SSLv2 is now disabled completely.
Fixed a multi-byte character problem in the certificate generating tool.
Enable the cache of the destination IP address of the additional TCP connection for a VPN session.
SoftEther VPN 4.19 Build 9599 Beta (October 19, 2015)
Fixed the problem that an unnecessary "Insert disk" dialog box appears when installing VPN Server or VPN Bridge on Windows 10.
Added the "/NOHUP" parameter in the "TrafficServer" command of vpncmd.
Added the "/REDIRECTURL" parameter in some access list commands of vpncmd.
Added the virtual address check routines in kernel-mode drivers to prevent blue screen or invalid memory access. Previous versions of kernel-mode drivers did not check the virtual addresses from the user-mode. (NOTE: All kernel-mode drivers are protected by ACL to avoid privilege escalation in all previous versions. Only users with Administrator privileges were able to cause blue screen or invalid memory access by passing invalid addresses from the user-mode. Therefore this was not a security flaw.) Appreciate Meysam Firozi's contribution to report the similar problem in the Win10Pcap driver.
SoftEther VPN 4.19 Build 9582 Beta (October 6, 2015)
Dramatically improvement of the performance of the Virtual NAT function of SecureNAT in Linux. In the previous versions of SoftEther VPN, the SecureNAT performance was very slow in the specific situation that the Linux Virtual Machine (VM) is running with virtual Ethernet interfaces which are prohibited to enable the promiscuous mode (this problem has been frequently appeared on cloud servers such like Amazon EC2/AWS or Windows Azure). In such a situation, SecureNAT must use the user-mode TCP/IP stack simulation and it was very slow and had high latency. This version of SoftEther VPN Server adds the new "RAW IP Mode" in the SecureNAT function. The RAW IP Mode is enabled by default, and is effective only if the VPN Server process is running in the root privileges. In the RAW IP Mode, the SecureNAT function realizes to transmit and receive TCP, UDP and ICMP packets which headers are modified. This behavior realizes drastically improved performance than legacy user-mode SecureNAT in the previous versions. In order to avoid the misunderstanding of receiving packets which are towards to the Virtual NAT function, some packet filter rules are automatically added to the iptables chain list. You can disable the RAW IP Mode by setting the "DisableIpRawModeSecureNAT" value to "1" on the Virtual Hub Extending Options.
Improved the performance of the Kernel-mode SecureNAT.
Improved the stability of the L2TP VPN sessions on the network with heavy packet-losses.
Added the compatibility with Cisco 800 series routers (e.g. Cisco 841M) on the L2TPv3 over IPsec protocol. These new Cisco routers have modified L2TPv3 header interpreter. Therefore SoftEther VPN Server needed to add new codes to support these new Cisco routers.
Added the support the compatibility to YAMAHA RTX series routers on the L2TPv3 over IPsec protocol.
Correct Spelling (#458) * spelling: accepts * spelling: account * spelling: accept * spelling: accumulate * spelling: adapter * spelling: address * spelling: additional * spelling: aggressive * spelling: adhered * spelling: allowed * spelling: ambiguous * spelling: amount * spelling: anonymous * spelling: acquisition * spelling: assemble * spelling: associated * spelling: assigns * spelling: attach * spelling: attempt * spelling: attribute * spelling: authenticate * spelling: authentication * spelling: available * spelling: bridging * spelling: cascade * spelling: cancel * spelling: check * spelling: challenge * spelling: changing * spelling: characters * spelling: cloud * spelling: compare * spelling: communication * spelling: compatible * spelling: compatibility * spelling: completion * spelling: complete * spelling: computers * spelling: configure * spelling: configuration * spelling: conformant * spelling: connection * spelling: contains * spelling: continuously * spelling: continue * spelling: convert * spelling: counters * spelling: create * spelling: created * spelling: cumulate * spelling: currently * spelling: debugging * spelling: decryption * spelling: description * spelling: default * spelling: driver * spelling: delete * spelling: destination * spelling: disabled * spelling: different * spelling: dynamically * spelling: directory * spelling: disappeared * spelling: disable * spelling: doesn't * spelling: download * spelling: dropped * spelling: enable * spelling: established * spelling: ether * spelling: except * spelling: expired * spelling: field * spelling: following * spelling: forever * spelling: firewall * spelling: first * spelling: fragment * spelling: function * spelling: gateway * spelling: identifier * spelling: identify * spelling: incoming * spelling: information * spelling: initialize * spelling: injection * spelling: inner * spelling: instead * spelling: installation * spelling: inserted * spelling: integer * spelling: interrupt * spelling: intuitive * spelling: interval * spelling: january * spelling: keybytes * spelling: know * spelling: language * spelling: length * spelling: library * spelling: listener * spelling: maintain * spelling: modified * spelling: necessary * spelling: number * spelling: obsoleted * spelling: occurred * spelling: occurring * spelling: occur * spelling: original * spelling: omittable * spelling: omit * spelling: opening * spelling: operation * spelling: packet * spelling: parameters * spelling: pointed * spelling: popupmenuopen * spelling: privilege * spelling: product * spelling: protection * spelling: promiscuous * spelling: prompt * spelling: query * spelling: random * spelling: reconnection * spelling: revocation * spelling: received * spelling: red hat * spelling: registry * spelling: release * spelling: retrieve
2018-05-17 00:47:10 +03:00
Added the support for EAP and PEAP. SoftEther VPN Server can now speak RFC3579 (EAP) or Protected EAP (PEAP) to request user authentications to the RADIUS server with the MS-CHAPv2 mechanism. If this function is enabled, all requests from L2TP VPN clients which contain MS-CHAPv2 authentication data will be converted automatically to EAP or PEAP when it is transferred to the RADIUS server. You must enable this function manually for each of Virtual Hubs. To enable the function converting from MS-CHAPv2 to EAP, set the "RadiusConvertAllMsChapv2AuthRequestToEap" value to "true" in the vpn_server.config. To enable the function converting from MS-CHAPv2 to PEAP, set both "RadiusConvertAllMsChapv2AuthRequestToEap" and "RadiusUsePeapInsteadOfEap" options to "true".
2017-10-19 05:48:23 +03:00
SoftEther VPN 4.19 Build 9578 Beta (September 15, 2015)
Solved the problem that kernel mode drivers do not pass the general tests of "Driver Verifier Manager" in Windows 10.
SoftEther VPN 4.18 Build 9570 RTM (July 26, 2015)
Correct Spelling (#458) * spelling: accepts * spelling: account * spelling: accept * spelling: accumulate * spelling: adapter * spelling: address * spelling: additional * spelling: aggressive * spelling: adhered * spelling: allowed * spelling: ambiguous * spelling: amount * spelling: anonymous * spelling: acquisition * spelling: assemble * spelling: associated * spelling: assigns * spelling: attach * spelling: attempt * spelling: attribute * spelling: authenticate * spelling: authentication * spelling: available * spelling: bridging * spelling: cascade * spelling: cancel * spelling: check * spelling: challenge * spelling: changing * spelling: characters * spelling: cloud * spelling: compare * spelling: communication * spelling: compatible * spelling: compatibility * spelling: completion * spelling: complete * spelling: computers * spelling: configure * spelling: configuration * spelling: conformant * spelling: connection * spelling: contains * spelling: continuously * spelling: continue * spelling: convert * spelling: counters * spelling: create * spelling: created * spelling: cumulate * spelling: currently * spelling: debugging * spelling: decryption * spelling: description * spelling: default * spelling: driver * spelling: delete * spelling: destination * spelling: disabled * spelling: different * spelling: dynamically * spelling: directory * spelling: disappeared * spelling: disable * spelling: doesn't * spelling: download * spelling: dropped * spelling: enable * spelling: established * spelling: ether * spelling: except * spelling: expired * spelling: field * spelling: following * spelling: forever * spelling: firewall * spelling: first * spelling: fragment * spelling: function * spelling: gateway * spelling: identifier * spelling: identify * spelling: incoming * spelling: information * spelling: initialize * spelling: injection * spelling: inner * spelling: instead * spelling: installation * spelling: inserted * spelling: integer * spelling: interrupt * spelling: intuitive * spelling: interval * spelling: january * spelling: keybytes * spelling: know * spelling: language * spelling: length * spelling: library * spelling: listener * spelling: maintain * spelling: modified * spelling: necessary * spelling: number * spelling: obsoleted * spelling: occurred * spelling: occurring * spelling: occur * spelling: original * spelling: omittable * spelling: omit * spelling: opening * spelling: operation * spelling: packet * spelling: parameters * spelling: pointed * spelling: popupmenuopen * spelling: privilege * spelling: product * spelling: protection * spelling: promiscuous * spelling: prompt * spelling: query * spelling: random * spelling: reconnection * spelling: revocation * spelling: received * spelling: red hat * spelling: registry * spelling: release * spelling: retrieve
2018-05-17 00:47:10 +03:00
Compatible with Windows 10.
2017-10-19 05:48:23 +03:00
Solved the problem that the customized language setting on the "lang.config" file.
config sometimes corrupts in the rare condition.
SoftEther VPN 4.17 Build 9566 Beta (July 16, 2015)
Improved stability with Windows 10 Beta.
Updated the OpenSSL library to 1.0.2d.
SoftEther VPN 4.17 Build 9562 Beta (May 30, 2015)
Added supports for Windows 10 Technical Preview Build 10130.
Increased the maximum Ethernet frame size from 1560 bytes to 1600 bytes.
Fixed the compiler error while building the source code of SoftEther VPN on Windows.
Added memory tags on the memory allocation function calls in kernel-mode device drivers.
Fixed the freeze problem of the VPN Client that the computer enters to suspend or hibernation state while the VPN Client is connected to the VPN Server.
Windows-version executable and driver files are now signed by the SHA-256 digital code-sign certificate.
SoftEther VPN 4.15 Build 9546 Beta (April 5, 2015)
Fixed the problem that the Local Bridge function does not work correctly on Windows 10 Technical Preview Build 10049.
SoftEther VPN 4.15 Build 9539 Beta (April 4, 2015)
Add the code to instruct the VPN Client to disconnect the VPN session automatically when Windows is being suspending or hibernating.
SoftEther VPN 4.15 Build 9538 Beta (March 27, 2015)
Fixed the dialog-box size problem on Windows 10 Technical Preview Build 10041.
SoftEther VPN 4.15 Build 9537 Beta (March 26, 2015)
Upgraded built-in OpenSSL from 0.9.8za to 1.0.2a. Please note that this change has not been well-tested. This upgrading of OpenSSL might cause problems. In that case, please post the bug report.
SoftEther VPN 4.14 Build 9529 Beta (February 2, 2015)
We are very sorry. The previous version 4.13 (beta) has a problem to accept L2TP connections due to the session-state quota-limitation code by the minor change between Build 9514 and 9524. The problem is fixed on this build. Please update to this build if you are facing to the L2TP problem on version 4.13.
Added the function to record underlying source IP addresses of VPN clients on every packet log lines. This function can be disabled by set the "NoPhysicalIPOnPacketLog" flag in the Virtual Hub Extended Option to "1".
SoftEther VPN 4.13 Build 9524 Beta (January 31, 2015)
Modified the behavior of the Local Bridge function in the VPN Server on Linux. In the previous versions, if several Local Bridge creation operations will be made, then the operations to disable the offloading function on the target Ethernet devices will be conducted as many as same. After this version, the operation to disable the offloading function will be called only once for each device if several Local Bridge creation operations will be made on the same Ethernet device.
Added the "SecureNAT_RandomizeAssignIp" Virtual Hub Extended Option. If you set this option to non-zero value, then the Virtual DHCP Server of the SecureNAT function will choose an unused IP address randomly from the DHCP pool while the default behavior is to choose the first unused IP address.
Added the "DetectDormantSessionInterval" Virtual Hub Extended Option. If you set this option to non-zero value, then the Virtual Hub will treat the VPN sessions, which have transmitted no packets for the last specified intervals (in seconds), as Dormant Sessions. The Virtual Hub will not flood packets, which should be flood, to any Dormant Sessions.
Added the implementation of the SHA () function in the source code. This made the building process easier on the low-memory embedded hardware which has its OpenSSL implementation without the SHA () function.
Improved the behavior on Windows 10 Technical Preview to show the OS version information correctly.
SoftEther VPN 4.12 Build 9514 Beta (November 17, 2014)
Added the VLAN ID dynamic assignment function by RADIUS. It is very useful when the layer-2 Ethernet segment with aggregated IEEE802.1Q tagged VLANs is bridged to your Virtual Hub. Each VPN session will be assigned its own VLAN ID by the RADIUS attribute value when the user is authenticated by the external RADIUS server unless the user object has a VLAN ID security policy. The RADIUS attribute with the name "Tunnel-Pvt-Group-ID" (ID = 81) will be used as the VLAN ID. The data type must be STRING. This function is disabled by default. You have to set the "AssignVLanIdByRadiusAttribute" value to "1" in the Virtual Hub Extended Options in advance.
Added the OpenVPNDefaultClientOption option in the vpn_server.config. The specified option string will be used alternatively when the connecting OpenVPN Client does not provide the connection string. Some incomplete OpenVPN Clients with the --enable-small compiling option always forget to specify this connection string. This option can make VPN Server allow such OpenVPN Clients.
Improved the DHCP option parser to allow the external DHCP server pushes the classless routing table which exceeds 255 bytes.
Added the support for "hair-pin connection" on the NAT Traversal function.
Fixed the performance problem when the server computer has the wrong resolv.conf setting file on Linux.
Fixed the VPN Client configuration backup folder name which the setup wizard automatically creates.
Fixed the UDP checksum value of the beacon packets which are sent by the Virtual Layer 3 Switch function.
SoftEther VPN 4.11 Build 9506 Beta (October 22, 2014)
As a response to the SSLv3 POODLE problem we added the "AcceptOnlyTls" configuration flag on the vpn_server.config for SoftEther VPN Server. Please set this flag is you want to completely disable the SSLv3 function in SoftEther VPN Server.
Added the perfect forward security (PFS) support on SSL/TLS. SoftEther VPN Server can now accept connections with DHE-RSA-AES128-SHA or DHE-RSA-AES256-SHA ciphers.
SoftEther VPN 4.10 Build 9505 Beta (October 3, 2014)
Implemented the hash table algorithm for the MAC address database of Virtual Hubs. It improves the performance when there are a large number of MAC addresses registered on the database.
Improved the performance on slow-CPU hardware (e.g. embedded Linux boxes).
Added the DoNotDisableOffloading flag on Local Bridge settings. This flag will disable the automated disabling operation for hardware offloading on the specified Ethernet interface on Linux.
Supports the kernel-supported IEEE802.1Q tagged VLAN on Windows and Linux. It will enable tagged-VLAN support on the Local Bridge function with some specific network interface drivers.
Added the FloodingSendQueueBufferQuota option.
Sets the lower priority value on the oom_adj process parameter for Linux.
Randomized the reconnection interval in Cascade Connection.
Increased the memory usage limit on 64-bit systems.
Modified the behavior of the ConfigGet command and the /CSV option in vpncmd for Windows to work around for the Windows console API bug.
Added the DisableSessionReconnect option on VPN Server and VPN Bridge. It makes Cascade Connection client sessions to disconnect immediately from the destination VPN Server when the based TCP connection is disconnected.
Makes it enable to use the PrivacyFilterMode security policy on Cascade server VPN sessions.
Added the GlobalParams configuration option on VPN Server and VPN Bridge. It allows administrators to modify and optimize the performance parameters of VPN Server and VPN Bridge.
Reduced the processor time of looking up the ACL entries when storing and forwarding packets across a Virtual Hub.
Reduced the usage of the memory on embedded Linux environments.
Fixed a minor bug on the GUI setting screen of the SecureNAT routing table pushing option.
Added the ServerLogSwitchType and the LoggerMaxLogSize option on VPN Server and VPN Bridge. They can change the logging behavior of VPN Server and VPN Bridge.
Implemented the config template file. The template filename is "vpn_server_template.config" for VPN Server, and "vpn_server_template.config" for VPN Bridge. The VPN Server and VPN Bridge loads the template file as the initial configuration state when the configuration file does not exists.
SoftEther VPN 4.10 Build 9473 Beta (July 12, 2014)
Added the "SuppressClientUpdateNotification" option in the Virtual Hub Extended Option list. This option will push the flag to the VPN Client to suppress the update notification screen on the VPN Client manager. To push this flag, set "1" to the "SuppressClientUpdateNotification" option in your Virtual Hub.
Added the warning message when the background service process is run by a non-root user (only in UNIX).
Fixed the deadlock bug when UNIX versions of SoftEther VPN Server process is shutting down.
Added supports for third-party PKCS#11 DLLs: ePass 1000 ND / ePass 2000 / ePass 2003 / ePass 3000.
Fixed typo.
The expression of the disclaimer statement for exporting / importing has been modified.
Fixed the VPN Azure connection problem on Version 4.09 Build 9451 Beta.
Fixed the problem that VPN Server Manager and VPN Client Manager sometimes become slow when the update check server is unreachable from the computer.
Removed space characters in every URLs of all download files on the SoftEther VPN Download Center web site to avoid the downloading problem in some HTTP clients.
A github patch which was posted by a contributor has been applied: "update debian packaging, install init script".
SoftEther VPN 4.09 Build 9451 Beta (June 9, 2014)
Improves User-mode SecureNAT performance by modifying the processing of TCP_FIN packets. It should improve the performance of the FTP protocol.
SoftEther VPN 4.08 Build 9449 (June 8, 2014)
Add a new command to generate a RSA 2048 bit certificate.
The vpncmd command-line utility has MakeCert command to generate a 1024 bit self-signed RSA certificate. However, in recent years it is recommended to use 2048 bit RSA certificates. Therefore, on this version a new command MakeCert2048 has been added. Use this command to generate a 2048 bit self-signed RSA certificate.
Workaround for the NAT traversal problem.
Adjusted the priority between TCP/IP Direct Connection and UDP-based NAT-Traversal. On this version (Ver 4.08), NAT-Traversal will always be used if the client program detects that the specified TCP destination port on the destination server is occupied by non-SoftEther VPN Server. Anyone who faces to the connection problem on the VPN Server which is behind the NAT-box should install this update.
In the previous version (Ver 4.07), when the VPN Client attempts to connect to the VPN Server, the client firstly establish the connection via the TCP/IP direct protocol. If the TCP connection establishes successfully (in the layer-3) but the TCP port returns non-VPN protocol data (in the layer-7), the protocol error occurs immediately even if the NAT-Traversal connection attempt is still pending. This phenomenon often occurs when the VPN Server is behind the NAT-box, and the NAT-box has a listening TCP-443 port by itself. In that condition, the VPN Client attempts to connect to that TCP-443 port firstly, and the protocol error occurs immediately NAT-box returns non-VPN protocol (e.g. HTML-based administration page).
In order to work around that, this version (Ver 4.08) of VPN Client changed the behavior. On this version, if the VPN Client detects that the destination TCP Port is occupied by a non-VPN program, then the client will always use NAT-Traversal socket. This minor change will fix the connection problem to VPN servers behind the NATs.
Note: The built-in NAT-Traversal function on SoftEther VPN is for temporary use only. It is not recommended to keep using UDP-based NAT-Traversal connection to beyond the NAT-box when the VPN Server is behind the NAT-box, for long-term use. It is reported that some cheap NAT-boxes disconnect UDP session in regular period (a few minutes) after NAT-Traversal connection has been made. The strongly recommended method to run VPN Server behind the NAT is to make a TCP port mapping on the NAT-box to transfer incoming VPN connection packets (e.g. TCP port 443) to the private IP address of the VPN Server.
SoftEther VPN 4.07 Build 9448 (June 6, 2014)
We updated the internal OpenSSL to 0.9.8za.
This fixes the latest OpenSSL vulnerability which has unfold on June 05.
This vulnerability does not affect on SoftEther VPN. However, we updated the SoftEther VPN build with OpenSSL 0.9.8za. The new build also includes additional improvements.
More details about this OpenVPN vulnerability is described at http://www.openssl.org/news/secadv_20140605.txt.
Other updates on this build are as followings:
The problem with OpenVPN Connect for Android 1.1.14 has been fixed. In the previous versions, OpenVPN Connect for Android 1.1.14 reports "PolarSSL Error" when it connects to the SoftEther VPN Server, if the server SSL certificate is self-signed root certificate. This X.509 certificate parsing problem is OpenVPN Connect's bug, however we performed work around for this OpenVPN Connect's bug. Please mind that you need to regenerate your self-signed root certificate in order to comply with OpenVPN Connect at once after upgrading the VPN Server to this version. To regenerate the certificate, use the GUI tool on VPN Server Manager, or execute the "ServerCertRegenerate" command on vpncmd.
The automated root certificate and intermediate certificates downloading function has been implemented. It is very helpful when you use a commercial certificate which has been issued by a commercial CA (Certificate Authority), including VeriSign, GlobalSign or RapidSSL. In previous versions, you had to install the root certificate and intermediate certificates manually into the "chain_certs" directory. On this version, you do not need any longer to do such a manual installation of chained certs.
The OpenVPN configuration file generating function identifies the root certificate correctly, in order to embed it as the "<ca>" inline directive in the auto-generated OpenVPN configuration file. It is very helpful if you are using a commercial certificate which has been issued by a commercial CA (Certificate Authority), including VeriSign, GlobalSign or RapidSSL. (In previous versions, you had to perform the editing task for the OpenVPN configuration file manually.)
UI typos have been fixed, and some minor bugs have been fixed.
SoftEther VPN 4.06 Build 9435 (Beta) (March 26, 2014)
Previous versions of VPN Client have a port-confliction problem of the TCP port (TCP 9930) for RPC (Remote Procedure Call) on the VPN Client service for Windows, if the same port is occupied by another service. This version has solved the confliction problem.
SoftEther VPN 4.06 Build 9433 (Beta) (March 21, 2014)
Fixed a crashing bug on NAT-Traversal connections.
We sincerely apologize that the SoftEther VPN Server of the last build (Build 9432) has a serious crashing bug if a VPN client connects to the VPN Server in the NAT Traversal mode, in UNIX system. This serious bug was caused by the problem of the processing of Unicode string (which is used by a warning message for NAT Traversal connections). We fixed the serious bug by this Build 9433. If you are using SoftEther VPN Server Build 9430 or 9432 in UNIX, please update it to Build 9433 as soon as possible.
SoftEther VPN 4.06 Build 9432 (Beta) (March 20, 2014)
We apologize that the previous build (Build 9430) has a problem that the RSA certificate authentication doesn't work.
This build has been fixed the problem. Please use Build 9432 if you are intending to use the RSA certificate authentication function.
SoftEther VPN 4.06 Build 9430 (Beta) (March 20, 2014)
Thank you for waiting!
Added the following five advanced functions into SoftEther VPN Server (experimental) :
- RADIUS / NT Domain user authentication function
- RSA certificate user authentication function
- Deep-inspect packet logging function
- Source IP address control list function
- syslog transfer function
Added the split-tunneling function (experimental) :
- Split tunneling is the function for enterprises to allow users communicate only to the specified IPv4 subnets through a VPN tunnel.
- You can set up either SecureNAT Virtual DHCP Server or any external DHCP server to push static routing tables to all VPN clients.
- The Virtual DHCP Server function in SecureNAT now supports classless static routing table pushing option (RFC 3442).
- All types of VPN clients (SoftEther VPN Client, OpenVPN Client, L2TP/IPsec client and MS-SSTP client) can receive the static routing table pushed.
Added the function which allows the VPN server administrator to obtain the DDNS private key on the DDNS setup dialog-box.
Improved the behavior of the Privacy Filter Mode security policy. In the previous versions, a VPN session which is enabled the Privacy Filter Mode option cannot transmit any packets toward other Privacy Filter Mode enabled VPN sessions, except broadcast packets and ARP packets. On or after this version, both broadcast packets and ARP packets will also be blocked by the Privacy Filter Mode policy to eliminate the broadcast traffics. For the backward compatibility, this behavior can be changed by the "DropBroadcastsInPrivacyFilterMode" and "DropArpInPrivacyFilterMode" bool options on the Virtual Hub Extended Options.
Added the generating function of X.509 v3 certificates with the SHA-2 (SHA-256) hashing algorithm to improve the security.
According to the users reports, on very minor Linux environment, the "vpnserver stop" shutdown operation sometimes hangs up. The SoftEther VPN Project hasn't reproduce the issue yet. However, we added the fail-safe code to run "killall -KILL vpnserver" after the process shutdown operation times out (90 seconds).
Added the option to disable the NAT Traversal tunneling function on the connection settings screen in VPN Client and Cascade Connection.
Added Several Fixes for OS X.
Added Improved Simplified Chinese UI resources.
Added Workaround for when vpnserver hangs on stop on minor Linux environments.
On VPN Servers in People's Republic of China, the above five functions are currently disabled by default, under the orders from Beijing. Although Chinese users can enable these functions manually, Enterprise users in People's Republic of China are recommended to use these enterprise functions with PacketiX VPN Server 4.0 Chinese Edition.
SoftEther VPN 4.05 Build 9423 (Beta) (February 18, 2014)
Added Files for building CentOS/RHEL RPM.
Set the "VPN over DNS" and "VPN over ICMP" functions disabled by default on VPN Server / VPN Bridge.
SoftEther VPN 4.05 Build 9422 (Beta) (February 17, 2014)
Added the supporting of /hostname and /password command-line arguments on VPN Client.
Added the NSDI 6.x Lightweight Helper Kernel-mode Module for the local-bridge function. This kernel-mode driver runs only on Windows 8.1 / Windows Server 2012 R2 or later.
SoftEther VPN 4.05 Build 9416 (Beta) (February 6, 2014)
Added the support for OpenBSD on the source code.
Added the debian packaging on the source code.
Added the adminip.txt CIDR support.
Added the supporting VLAN for Mac OS X using TunTapOSX.
Added the .zip package with vpnsmgr.exe and vpncmd.exe for system administrators.
SoftEther VPN 4.04 Build 9412 (January 15, 2014)
Whole English UI texts are checked and corrected by a native speaker of English. Fixed typos.
SoftEther VPN 4.03 Build 9411 (January 7, 2014)
Modified the source-code tree. In the build 9408, some C# build-utility source codes were missing. In this build, full set of all source codes including the BuildUtil program are appended. No functional differences between this build and the last build.
Correct Spelling (#458) * spelling: accepts * spelling: account * spelling: accept * spelling: accumulate * spelling: adapter * spelling: address * spelling: additional * spelling: aggressive * spelling: adhered * spelling: allowed * spelling: ambiguous * spelling: amount * spelling: anonymous * spelling: acquisition * spelling: assemble * spelling: associated * spelling: assigns * spelling: attach * spelling: attempt * spelling: attribute * spelling: authenticate * spelling: authentication * spelling: available * spelling: bridging * spelling: cascade * spelling: cancel * spelling: check * spelling: challenge * spelling: changing * spelling: characters * spelling: cloud * spelling: compare * spelling: communication * spelling: compatible * spelling: compatibility * spelling: completion * spelling: complete * spelling: computers * spelling: configure * spelling: configuration * spelling: conformant * spelling: connection * spelling: contains * spelling: continuously * spelling: continue * spelling: convert * spelling: counters * spelling: create * spelling: created * spelling: cumulate * spelling: currently * spelling: debugging * spelling: decryption * spelling: description * spelling: default * spelling: driver * spelling: delete * spelling: destination * spelling: disabled * spelling: different * spelling: dynamically * spelling: directory * spelling: disappeared * spelling: disable * spelling: doesn't * spelling: download * spelling: dropped * spelling: enable * spelling: established * spelling: ether * spelling: except * spelling: expired * spelling: field * spelling: following * spelling: forever * spelling: firewall * spelling: first * spelling: fragment * spelling: function * spelling: gateway * spelling: identifier * spelling: identify * spelling: incoming * spelling: information * spelling: initialize * spelling: injection * spelling: inner * spelling: instead * spelling: installation * spelling: inserted * spelling: integer * spelling: interrupt * spelling: intuitive * spelling: interval * spelling: january * spelling: keybytes * spelling: know * spelling: language * spelling: length * spelling: library * spelling: listener * spelling: maintain * spelling: modified * spelling: necessary * spelling: number * spelling: obsoleted * spelling: occurred * spelling: occurring * spelling: occur * spelling: original * spelling: omittable * spelling: omit * spelling: opening * spelling: operation * spelling: packet * spelling: parameters * spelling: pointed * spelling: popupmenuopen * spelling: privilege * spelling: product * spelling: protection * spelling: promiscuous * spelling: prompt * spelling: query * spelling: random * spelling: reconnection * spelling: revocation * spelling: received * spelling: red hat * spelling: registry * spelling: release * spelling: retrieve
2018-05-17 00:47:10 +03:00
SoftEther VPN 4.03 Build 9408 (January 4, 2014)
2017-10-19 05:48:23 +03:00
SoftEther VPN became open source software from this build. More details on this page. Note that the major version 3.xx was skipped for internal reason of our project. So this open-sourced new version starts with major version 4.xx.
SoftEther VPN 2.00 Build 9387 (September 16, 2013)
This build realizes the compatibility with Microsoft Windows 8.1 and Windows Server 2012 R2 (RTM). This build supports Windows 8.1 and Windows Server 2012 R2 officially. This build fixes the former problem when the user upgrades from Windows 8 to Windows 8.1 by upgrade installation.
The major version number of SoftEther VPN was incremented on this build.
SoftEther VPN 1.01 Build 9379 RTM (August 18, 2013)
This security update is to strengthen the security of SoftEther VPN 1.0 (Server and Bridge).
There is a remote administration function on SoftEther VPN 1.0. The function is to allow administrators to connect to the VPN server remotely to manage the server. In older versions, a third person can login to the VPN Server in the Virtual Hub Administration Mode if the administrator has forgot to set the administrator's password on a Virtual Hub. Older versions are also safe if any strong password is set on the Virtual Hub. However we suppose that there are some administrators who have forgot to set passwords for Virtual Hubs. In order to protect such potential vulnerable servers, this security update strengthens the VPN server program to deny all empty (not set) passwords on the Virtual Hub Administration Mode. Your VPN server has been safe also in older versions if you set any passwords for Virtual Hubs. However, we strongly recommend to apply this update program to all VPN server administrators who might have potential empty passwords on Virtual Hubs.
SoftEther VPN 1.00 Build 9376, 9377 RTM (August 3, 2013)
This is a minor fix.
Improvement Stability of NAT Traversal.
Add HTTP User-Agent Indication Behavior when using VPN Gate Client.
SoftEther VPN 1.00 Build 9371 RTM (July 25, 2013)
This is the RTM version of SoftEther VPN 1.0. It is not a BETA version.
We have fixed a lot of bugs in former builds. This RTM build is a stable build for everyone.
We will continue to improve features and performances on SoftEther VPN hereafter.
SoftEther VPN 1.00 Build 9367 RC4 (July 21, 2013)
This should be the final beta release before the RTM version of SoftEther VPN 1.0.
SoftEther VPN 1.00 Build 9091 RC3 (May 19, 2013)
We released RC3 with the following improvements. RC3 should be the final release candidate before the GA (Generally Available) build.
- Fixed a crush bug which might occurred during the shutdown of vpnserver process with using L2TPv3 or EtherIP over IPsec.
- The statistics of cumulative transferred-bytes and packets-counter are appended on the list of Visual Hubs and on the list of User Objects on each Virtual Hub, on VPN Server Manager and vpncmd.
- On the list of User Objects enumeration in both VPN Server Manager and vpncmd, the expire-date of each User Object are appended on the displayed list.
- Improvements of stability of Dynamic DNS Function and NAT-Traversal Function.
SoftEther VPN 1.00 Build 9079 RC2 Fix17 (May 5, 2013)
Fixed a typo. Fixed a wrong bitmap image on the installer.
SoftEther VPN 1.00 Build 9078 RC2 Fix16 (April 28, 2013)
A security fix. The previous versions have ignored the "deny_empty_password" option in the Virtual Hub Administration Options List. This build fixed this security bug.
Fixed some minor bugs.
Improvement of the respond-time on IPv6 DNS name resolver.
SoftEther VPN 1.00 Build 9074 RC2 Fix15 (April 24, 2013)
Minor improvement around the Dynamic DNS Client function.
SoftEther VPN 1.00 Build 9071 RC2 Fix14 (April 20, 2013)
Fixed a minor timeout bug.
SoftEther VPN 1.00 Build 9070 RC2 Fix13 (April 18, 2013)
Enabled advanced security check routines for butter overflow (Win32 binaries only.)
File sizes have been increased a little, but the performance wasn't affected.
SoftEther VPN 1.00 Build 9069 RC2 Fix12 (April 17, 2013)
Fixed a minor bug on SSL packet processing.
Fixed a miror bug on TCP listener. (very rare crash)
SoftEther VPN 1.00 Build 9053 RC2 Fix11 (April 8, 2013)
Fixed a minor bug on UDP packet processing.
Added a new feature: IKE and OpenVPN (in UDP packets) Packet Logging Function.
SoftEther VPN 1.00 Build 9045 RC2 Fix10 (April 2, 2013)
Fixed a minor bug, and improved the stability.
SoftEther VPN 1.00 Build 9043 RC2 Fix9 (April 1, 2013)
Fixed a critical bug was in the HTTP packet parser.
Improvement of the stability of UDP-based communication.
Fixed a problem: SecureNAT's connectivity polling packet interval was too short.
SoftEther VPN 1.00 Build 9035 RC2 Fix8 (March 26, 2013)
Correct Spelling (#458) * spelling: accepts * spelling: account * spelling: accept * spelling: accumulate * spelling: adapter * spelling: address * spelling: additional * spelling: aggressive * spelling: adhered * spelling: allowed * spelling: ambiguous * spelling: amount * spelling: anonymous * spelling: acquisition * spelling: assemble * spelling: associated * spelling: assigns * spelling: attach * spelling: attempt * spelling: attribute * spelling: authenticate * spelling: authentication * spelling: available * spelling: bridging * spelling: cascade * spelling: cancel * spelling: check * spelling: challenge * spelling: changing * spelling: characters * spelling: cloud * spelling: compare * spelling: communication * spelling: compatible * spelling: compatibility * spelling: completion * spelling: complete * spelling: computers * spelling: configure * spelling: configuration * spelling: conformant * spelling: connection * spelling: contains * spelling: continuously * spelling: continue * spelling: convert * spelling: counters * spelling: create * spelling: created * spelling: cumulate * spelling: currently * spelling: debugging * spelling: decryption * spelling: description * spelling: default * spelling: driver * spelling: delete * spelling: destination * spelling: disabled * spelling: different * spelling: dynamically * spelling: directory * spelling: disappeared * spelling: disable * spelling: doesn't * spelling: download * spelling: dropped * spelling: enable * spelling: established * spelling: ether * spelling: except * spelling: expired * spelling: field * spelling: following * spelling: forever * spelling: firewall * spelling: first * spelling: fragment * spelling: function * spelling: gateway * spelling: identifier * spelling: identify * spelling: incoming * spelling: information * spelling: initialize * spelling: injection * spelling: inner * spelling: instead * spelling: installation * spelling: inserted * spelling: integer * spelling: interrupt * spelling: intuitive * spelling: interval * spelling: january * spelling: keybytes * spelling: know * spelling: language * spelling: length * spelling: library * spelling: listener * spelling: maintain * spelling: modified * spelling: necessary * spelling: number * spelling: obsoleted * spelling: occurred * spelling: occurring * spelling: occur * spelling: original * spelling: omittable * spelling: omit * spelling: opening * spelling: operation * spelling: packet * spelling: parameters * spelling: pointed * spelling: popupmenuopen * spelling: privilege * spelling: product * spelling: protection * spelling: promiscuous * spelling: prompt * spelling: query * spelling: random * spelling: reconnection * spelling: revocation * spelling: received * spelling: red hat * spelling: registry * spelling: release * spelling: retrieve
2018-05-17 00:47:10 +03:00
Fixed a crash bug: While you are changing the X.509 server certificate, if a new SSL-VPN connection is being made, the new connection attempt will cause the crash because lack of critical section locking. However this bug was very rare. We found it in the heavy stress test.
2017-10-19 05:48:23 +03:00
SoftEther VPN 1.00 Build 9033 RC2 Fix7 (March 22, 2013)
Fixed a minor bug.
SoftEther VPN 1.00 Build 9030 RC2 Fix6 (March 21, 2013)
Fixed a bug: A logged error message around the L2TP/SSTP/OpenVPN user-authentication was incorrect.
SoftEther VPN 1.00 Build 9029 RC2 Fix5 (March 17, 2013)
Fixed a minor bug and typo.
SoftEther VPN 1.00 Build 9027 RC2 Fix4 (March 12, 2013)
Fixed a minor bug.
SoftEther VPN 1.00 Build 9026 RC2 Fix3 (March 10, 2013)
Fixed a bug: the timeout to the DDNS server was too small.
SoftEther VPN 1.00 Build 9024 RC2 Fix2 (March 09, 2013)
Fixed a bug: On Windows, VPN over DNS could not be enabled.
SoftEther VPN 1.00 Build 9023 RC2 Fix1 (March 08, 2013)
Fixed a minor bug.
SoftEther VPN 1.00 Build 9022 RC2 (March 08, 2013)
The initial release.