v4.07-9448-rtm

2024-11-22 17:39:53 +03:00 · 2014-06-06 06:53:20 +09:00 · 2014-06-06 06:53:20 +09:00 · 719ee999d6
commit 719ee999d6
parent 7839d2939e
333 changed files with 1412 additions and 346 deletions
--- a/src/BuildFiles/Library/Win32_Debug/libeay32.lib
+++ b/src/BuildFiles/Library/Win32_Debug/libeay32.lib
--- a/src/BuildFiles/Library/Win32_Debug/ssleay32.lib
+++ b/src/BuildFiles/Library/Win32_Debug/ssleay32.lib
--- a/src/BuildFiles/Library/Win32_Release/libeay32.lib
+++ b/src/BuildFiles/Library/Win32_Release/libeay32.lib
--- a/src/BuildFiles/Library/Win32_Release/ssleay32.lib
+++ b/src/BuildFiles/Library/Win32_Release/ssleay32.lib
--- a/src/BuildFiles/Library/x64_Debug/libeay32.lib
+++ b/src/BuildFiles/Library/x64_Debug/libeay32.lib
--- a/src/BuildFiles/Library/x64_Debug/ssleay32.lib
+++ b/src/BuildFiles/Library/x64_Debug/ssleay32.lib
--- a/src/BuildFiles/Library/x64_Release/libeay32.lib
+++ b/src/BuildFiles/Library/x64_Release/libeay32.lib
--- a/src/BuildFiles/Library/x64_Release/ssleay32.lib
+++ b/src/BuildFiles/Library/x64_Release/ssleay32.lib
--- a/src/Cedar/Admin.c
+++ b/src/Cedar/Admin.c
@ -1113,6 +1113,24 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
 				x = CloneX(c->ServerX);
 			}
 			Unlock(c->lock);
+
+			if (x != NULL)
+			{
+				// Get the root certificate
+				if (x->root_cert == false)
+				{
+					X *root_x = NULL;
+					LIST *cert_list = NewCertList(true);
+
+					if (TryGetRootCertChain(cert_list, x, true, &root_x))
+					{
+						FreeX(x);
+						x = root_x;
+					}
+
+					FreeCertList(cert_list);
+				}
+			}
 		}

 		x_buf = XToBuf(x, true);
@ -1121,7 +1139,7 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
 		WriteBufChar(x_buf, 0);
 		SeekBufToBegin(x_buf);

-		// Generate dummy certification
+		// Generate a dummy certificate
 		if (x != NULL)
 		{
 			if (RsaGen(&dummy_private_k, &dummy_public_k, x->bits))
@ -8331,6 +8349,15 @@ UINT StSetServerCert(ADMIN *a, RPC_KEY_PAIR *t)
 		return ERR_PROTOCOL_ERROR;
 	}

+	t->Flag1 = 1;
+	if (t->Cert->root_cert == false)
+	{
+		if (DownloadAndSaveIntermediateCertificatesIfNecessary(t->Cert) == false)
+		{
+			t->Flag1 = 0;
+		}
+	}
+
 	SetCedarCert(c, t->Cert, t->Key);

 	ALog(a, NULL, "LA_SET_SERVER_CERT");
@ -12756,6 +12783,7 @@ void InRpcKeyPair(RPC_KEY_PAIR *t, PACK *p)

 	t->Cert = PackGetX(p, "Cert");
 	t->Key = PackGetK(p, "Key");
+	t->Flag1 = PackGetInt(p, "Flag1");
 }
 void OutRpcKeyPair(PACK *p, RPC_KEY_PAIR *t)
 {
@ -12767,6 +12795,7 @@ void OutRpcKeyPair(PACK *p, RPC_KEY_PAIR *t)

 	PackAddX(p, "Cert", t->Cert);
 	PackAddK(p, "Key", t->Key);
+	PackAddInt(p, "Flag1", t->Flag1);
 }
 void FreeRpcKeyPair(RPC_KEY_PAIR *t)
 {
--- a/src/Cedar/Admin.h
+++ b/src/Cedar/Admin.h
@ -295,6 +295,7 @@ struct RPC_KEY_PAIR
 {
 	X *Cert;							// Certificate
 	K *Key;								// Secret key
+	UINT Flag1;							// Flag1
 };

 // HUB option
--- a/src/Cedar/Cedar.h
+++ b/src/Cedar/Cedar.h
@ -120,10 +120,10 @@


 // Version number
-#define	CEDAR_VER					406
+#define	CEDAR_VER					407

 // Build Number
-#define	CEDAR_BUILD					9437
+#define	CEDAR_BUILD					9448

 // Beta number
 //#define	BETA_NUMBER					3
@ -143,11 +143,11 @@

 // Specifies the build date
 #define	BUILD_DATE_Y		2014
-#define	BUILD_DATE_M		4
-#define	BUILD_DATE_D		9
-#define	BUILD_DATE_HO		9
-#define	BUILD_DATE_MI		39
-#define	BUILD_DATE_SE		4
+#define	BUILD_DATE_M		6
+#define	BUILD_DATE_D		6
+#define	BUILD_DATE_HO		3
+#define	BUILD_DATE_MI		7
+#define	BUILD_DATE_SE		39

 // Tolerable time difference
 #define	ALLOW_TIMESTAMP_DIFF		(UINT64)(3 * 24 * 60 * 60 * 1000)
--- a/src/Cedar/Client.c
+++ b/src/Cedar/Client.c
@ -5852,7 +5852,6 @@ REMOTE_CLIENT *CcConnectRpcEx(char *server_name, char *password, bool *bad_pass,
 #endif	// OS_WIN32

 	port_start = CLIENT_CONFIG_PORT - 1;
-
 	if (reg_port != 0)
 	{
 		s = Connect(server_name, reg_port);
--- a/src/Cedar/Command.c
+++ b/src/Cedar/Command.c
@ -6658,6 +6658,28 @@ void PsMain(PS *ps)
 		}
 	}

+	if (ps->HubName == NULL)
+	{
+		RPC_KEY_PAIR t;
+
+		Zero(&t, sizeof(t));
+
+		if (ScGetServerCert(ps->Rpc, &t) == ERR_NO_ERROR)
+		{
+			if (t.Cert != NULL && t.Cert->has_basic_constraints == false)
+			{
+				if (t.Cert->root_cert)
+				{
+					ps->Console->Write(ps->Console, L"");
+					ps->Console->Write(ps->Console, _UU("SM_CERT_MESSAGE_CLI"));
+					ps->Console->Write(ps->Console, L"");
+				}
+			}
+
+			FreeRpcKeyPair(&t);
+		}
+	}
+
 	while (true)
 	{
 		// Definition of command
@ -7841,6 +7863,14 @@ UINT PsServerCertSet(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
 			return ret;
 		}

+		if (t.Flag1 == 0)
+		{
+			// Show the warning message
+			c->Write(c, L"");
+			c->Write(c, _UU("SM_CERT_NEED_ROOT"));
+			c->Write(c, L"");
+		}
+
 		FreeRpcKeyPair(&t);
 	}
 	else
@ -20897,6 +20927,10 @@ UINT PsServerCertRegenerate(CONSOLE *c, char *cmd_name, wchar_t *str, void *para
 		return ret;
 	}

+	c->Write(c, L"");
+	c->Write(c, _UU("CM_CERT_SET_MSG"));
+	c->Write(c, L"");
+
 	FreeParamValueList(o);

 	return 0;
--- a/src/Cedar/Interop_OpenVPN.c
+++ b/src/Cedar/Interop_OpenVPN.c
@ -2058,6 +2058,7 @@ void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol)
 									}
 									else
 									{
+#if	0	// Currently disabled
 										// If the default gateway is not specified, add the static routing table
 										// entry for the local IP subnet
 										IP local_network;
@ -2076,6 +2077,7 @@ void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol)
 											&cao->SubnetMask);

 										StrCat(option_str, sizeof(option_str), l3_options);
+#endif
 									}

 									// Classless routing table
--- a/src/Cedar/Logging.c
+++ b/src/Cedar/Logging.c
@ -1333,6 +1333,12 @@ char *BuildHttpLogStr(HTTPLOG *h)

 	b = NewBuf();

+	if (StartWith(h->Path, "http://"))
+	{
+		StrCpy(url, sizeof(url), h->Path);
+	}
+	else
+	{
 		// URL generation
 		if (h->Port == 80)
 		{
@ -1344,6 +1350,7 @@ char *BuildHttpLogStr(HTTPLOG *h)
 			Format(url, sizeof(url), "http://%s:%u%s",
 				h->Hostname, h->Port, h->Path);
 		}
+	}

 	AddLogBufToStr(b, "HttpMethod", h->Method);
 	AddLogBufToStr(b, "HttpUrl", url);
--- a/src/Cedar/Protocol.c
+++ b/src/Cedar/Protocol.c
@ -100,6 +100,461 @@

 static UCHAR ssl_packet_start[3] = {0x17, 0x03, 0x00};

+// Download and save intermediate certificates if necessary
+bool DownloadAndSaveIntermediateCertificatesIfNecessary(X *x)
+{
+	LIST *o;
+	bool ret = false;
+	// Validate arguments
+	if (x == NULL)
+	{
+		return false;
+	}
+
+	if (x->root_cert)
+	{
+		return true;
+	}
+
+	o = NewCertList(true);
+
+	ret = TryGetRootCertChain(o, x, true, NULL);
+
+	FreeCertList(o);
+
+	return ret;
+}
+
+// Attempt to fetch the full chain of the specified cert
+bool TryGetRootCertChain(LIST *o, X *x, bool auto_save, X **found_root_x)
+{
+	bool ret = false;
+	LIST *chain = NULL;
+	LIST *current_chain_dir = NULL;
+	// Validate arguments
+	if (o == NULL || x == NULL)
+	{
+		return false;
+	}
+
+	chain = NewCertList(false);
+
+	ret = TryGetParentCertFromCertList(o, x, chain);
+
+	if (ret)
+	{
+		UINT i;
+		DIRLIST *dir;
+		wchar_t dirname[MAX_SIZE];
+		wchar_t exedir[MAX_SIZE];
+
+		GetExeDirW(exedir, sizeof(exedir));
+		CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs");
+		MakeDirExW(dirname);
+
+		if (auto_save)
+		{
+			// delete the current auto_save files
+			dir = EnumDirW(dirname);
+			if (dir != NULL)
+			{
+				for (i = 0;i < dir->NumFiles;i++)
+				{
+					DIRENT *e = dir->File[i];
+
+					if (e->Folder == false)
+					{
+						if (UniStartWith(e->FileNameW, AUTO_DOWNLOAD_CERTS_PREFIX))
+						{
+							wchar_t tmp[MAX_SIZE];
+
+							CombinePathW(tmp, sizeof(tmp), dirname, e->FileNameW);
+
+							FileDeleteW(tmp);
+						}
+					}
+				}
+
+				FreeDir(dir);
+			}
+		}
+
+		current_chain_dir = NewCertList(false);
+		AddAllChainCertsToCertList(current_chain_dir);
+
+		for (i = 0;i < LIST_NUM(chain);i++)
+		{
+			wchar_t tmp[MAX_SIZE];
+			X *xx = LIST_DATA(chain, i);
+
+			GetAllNameFromName(tmp, sizeof(tmp), xx->subject_name);
+
+			Debug("depth = %u, subject = %S\n", i, tmp);
+
+			if (auto_save && CompareX(x, xx) == false && IsXInCertList(current_chain_dir, xx) == false)
+			{
+				wchar_t fn[MAX_PATH];
+				char hex_a[128];
+				wchar_t hex[128];
+				UCHAR hash[SHA1_SIZE];
+				wchar_t tmp[MAX_SIZE];
+				BUF *b;
+
+				GetXDigest(xx, hash, true);
+				BinToStr(hex_a, sizeof(hex_a), hash, SHA1_SIZE);
+				StrToUni(hex, sizeof(hex), hex_a);
+
+				UniStrCpy(fn, sizeof(fn), AUTO_DOWNLOAD_CERTS_PREFIX);
+				UniStrCat(fn, sizeof(fn), hex);
+				UniStrCat(fn, sizeof(fn), L".cer");
+
+				CombinePathW(tmp, sizeof(tmp), dirname, fn);
+
+				b = XToBuf(xx, true);
+
+				DumpBufW(b, tmp);
+
+				FreeBuf(b);
+			}
+
+			if (xx->root_cert)
+			{
+				if (found_root_x != NULL)
+				{
+					*found_root_x = CloneX(xx);
+				}
+			}
+		}
+	}
+
+	FreeCertList(chain);
+
+	FreeCertList(current_chain_dir);
+
+	return ret;
+}
+
+// Try get the parent cert
+bool TryGetParentCertFromCertList(LIST *o, X *x, LIST *found_chain)
+{
+	bool ret = false;
+	X *r;
+	bool do_free = false;
+	// Validate arguments
+	if (o == NULL || x == NULL || found_chain == NULL)
+	{
+		return false;
+	}
+
+	if (LIST_NUM(found_chain) >= FIND_CERT_CHAIN_MAX_DEPTH)
+	{
+		return false;
+	}
+
+	Add(found_chain, CloneX(x));
+
+	if (x->root_cert)
+	{
+		return true;
+	}
+
+	r = FindCertIssuerFromCertList(o, x);
+
+	if (r == NULL)
+	{
+		if (IsEmptyStr(x->issuer_url) == false)
+		{
+			r = DownloadCert(x->issuer_url);
+
+			if (CheckXEx(x, r, true, true) && CompareX(x, r) == false)
+			{
+				// found
+				do_free = true;
+			}
+			else
+			{
+				// invalid
+				FreeX(r);
+				r = NULL;
+			}
+		}
+	}
+
+	if (r != NULL)
+	{
+		ret = TryGetParentCertFromCertList(o, r, found_chain);
+	}
+
+	if (do_free)
+	{
+		FreeX(r);
+	}
+
+	return ret;
+}
+
+// Find the issuer of the cert from the cert list
+X *FindCertIssuerFromCertList(LIST *o, X *x)
+{
+	UINT i;
+	// Validate arguments
+	if (o == NULL || x == NULL)
+	{
+		return NULL;
+	}
+
+	if (x->root_cert)
+	{
+		return NULL;
+	}
+
+	for (i = 0;i < LIST_NUM(o);i++)
+	{
+		X *xx = LIST_DATA(o, i);
+
+		if (CheckXEx(x, xx, true, true))
+		{
+			if (CompareX(x, xx) == false)
+			{
+				return xx;
+			}
+		}
+	}
+
+	return NULL;
+}
+
+// Download a cert by using HTTP
+X *DownloadCert(char *url)
+{
+	BUF *b;
+	URL_DATA url_data;
+	X *ret = NULL;
+	// Validate arguments
+	if (IsEmptyStr(url))
+	{
+		return NULL;
+	}
+
+	Debug("Trying to download a cert from %s ...\n", url);
+
+	if (ParseUrl(&url_data, url, false, NULL) == false)
+	{
+		Debug("Download failed.\n");
+		return NULL;
+	}
+
+	b = HttpRequestEx(&url_data, NULL, CERT_HTTP_DOWNLOAD_TIMEOUT, CERT_HTTP_DOWNLOAD_TIMEOUT,
+		NULL, false, NULL, NULL, NULL, NULL, NULL, CERT_HTTP_DOWNLOAD_MAXSIZE);
+
+	if (b == NULL)
+	{
+		Debug("Download failed.\n");
+		return NULL;
+	}
+
+	ret = BufToX(b, IsBase64(b));
+
+	FreeBuf(b);
+
+	Debug("Download ok.\n");
+	return ret;
+}
+
+// New cert list
+LIST *NewCertList(bool load_root_and_chain)
+{
+	LIST *o;
+
+	o = NewList(NULL);
+
+	if (load_root_and_chain)
+	{
+		AddAllRootCertsToCertList(o);
+		AddAllChainCertsToCertList(o);
+	}
+
+	return o;
+}
+
+// Free cert list
+void FreeCertList(LIST *o)
+{
+	UINT i;
+	// Validate arguments
+	if (o == NULL)
+	{
+		return;
+	}
+
+	for (i = 0;i < LIST_NUM(o);i++)
+	{
+		X *x = LIST_DATA(o, i);
+
+		FreeX(x);
+	}
+
+	ReleaseList(o);
+}
+
+// Check whether the cert is in the cert list
+bool IsXInCertList(LIST *o, X *x)
+{
+	UINT i;
+	// Validate arguments
+	if (o == NULL || x == NULL)
+	{
+		return false;
+	}
+
+	for (i = 0;i < LIST_NUM(o);i++)
+	{
+		X *xx = LIST_DATA(o, i);
+
+		if (CompareX(x, xx))
+		{
+			return true;
+		}
+	}
+
+	return false;
+}
+
+// Add a cert to the cert list
+void AddXToCertList(LIST *o, X *x)
+{
+	// Validate arguments
+	if (o == NULL || x == NULL)
+	{
+		return;
+	}
+
+	if (IsXInCertList(o, x))
+	{
+		return;
+	}
+
+	if (CheckXDateNow(x) == false)
+	{
+		return;
+	}
+
+	Add(o, CloneX(x));
+}
+
+// Add all chain certs to the cert list
+void AddAllChainCertsToCertList(LIST *o)
+{
+	wchar_t dirname[MAX_SIZE];
+	wchar_t exedir[MAX_SIZE];
+	DIRLIST *dir;
+	// Validate arguments
+	if (o == NULL)
+	{
+		return;
+	}
+
+	GetExeDirW(exedir, sizeof(exedir));
+
+	CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs");
+
+	MakeDirExW(dirname);
+
+	dir = EnumDirW(dirname);
+
+	if (dir != NULL)
+	{
+		UINT i;
+
+		for (i = 0;i < dir->NumFiles;i++)
+		{
+			DIRENT *e = dir->File[i];
+
+			if (e->Folder == false)
+			{
+				wchar_t tmp[MAX_SIZE];
+				X *x;
+
+				CombinePathW(tmp, sizeof(tmp), dirname, e->FileNameW);
+
+				x = FileToXW(tmp);
+
+				if (x != NULL)
+				{
+					AddXToCertList(o, x);
+
+					FreeX(x);
+				}
+			}
+		}
+
+		FreeDir(dir);
+	}
+}
+
+// Add all root certs to the cert list
+void AddAllRootCertsToCertList(LIST *o)
+{
+	BUF *buf;
+	PACK *p;
+	UINT num_ok = 0, num_error = 0;
+	// Validate arguments
+	if (o == NULL)
+	{
+		return;
+	}
+
+	buf = ReadDump(ROOT_CERTS_FILENAME);
+	if (buf == NULL)
+	{
+		return;
+	}
+
+	p = BufToPack(buf);
+
+	if (p != NULL)
+	{
+		UINT num = PackGetIndexCount(p, "cert");
+		UINT i;
+
+		for (i = 0;i < num;i++)
+		{
+			bool ok = false;
+			BUF *b = PackGetBufEx(p, "cert", i);
+
+			if (b != NULL)
+			{
+				X *x = BufToX(b, false);
+
+				if (x != NULL)
+				{
+					AddXToCertList(o, x);
+
+					ok = true;
+
+					FreeX(x);
+				}
+
+				FreeBuf(b);
+			}
+
+			if (ok)
+			{
+				num_ok++;
+			}
+			else
+			{
+				num_error++;
+			}
+		}
+
+		FreePack(p);
+	}
+
+	FreeBuf(buf);
+
+	Debug("AddAllRootCertsToCertList: ok=%u error=%u total_list_len=%u\n", num_ok, num_error, LIST_NUM(o));
+}

 // Convert the date of YYYYMMDD format to a number
 UINT64 ShortStrToDate64(char *str)
@ -5345,8 +5800,26 @@ bool ClientUploadAuth(CONNECTION *c)
 	// UDP acceleration function using flag
 	if (o->NoUdpAcceleration == false && c->Session->UdpAccel != NULL)
 	{
+		IP my_ip;
+
+		Zero(&my_ip, sizeof(my_ip));
+
 		PackAddBool(p, "use_udp_acceleration", true);
-		PackAddIp(p, "udp_acceleration_client_ip", &c->Session->UdpAccel->MyIp);
+
+		Copy(&my_ip, &c->Session->UdpAccel->MyIp, sizeof(IP));
+		if (IsLocalHostIP(&my_ip))
+		{
+			if (IsIP4(&my_ip))
+			{
+				ZeroIP4(&my_ip);
+			}
+			else
+			{
+				ZeroIP6(&my_ip);
+			}
+		}
+
+		PackAddIp(p, "udp_acceleration_client_ip", &my_ip);
 		PackAddInt(p, "udp_acceleration_client_port", c->Session->UdpAccel->MyPort);
 		PackAddData(p, "udp_acceleration_client_key", c->Session->UdpAccel->MyKey, UDP_ACCELERATION_COMMON_KEY_SIZE);
 		PackAddBool(p, "support_hmac_on_udp_acceleration", true);
@ -6186,6 +6659,8 @@ SOCK *ProxyConnectEx2(CONNECTION *c, char *proxy_host_name, UINT proxy_port,
 	char basic_str[MAX_SIZE * 2];
 	UINT http_error_code;
 	HTTP_HEADER *h;
+	char server_host_name_tmp[256];
+	UINT i, len;
 	// Validate arguments
 	if (c == NULL || proxy_host_name == NULL || proxy_port == 0 || server_host_name == NULL ||
 		server_port == 0)
@ -6206,6 +6681,19 @@ SOCK *ProxyConnectEx2(CONNECTION *c, char *proxy_host_name, UINT proxy_port,
 		return NULL;
 	}

+	Zero(server_host_name_tmp, sizeof(server_host_name_tmp));
+	StrCpy(server_host_name_tmp, sizeof(server_host_name_tmp), server_host_name);
+
+	len = StrLen(server_host_name_tmp);
+
+	for (i = 0;i < len;i++)
+	{
+		if (server_host_name_tmp[i] == '/')
+		{
+			server_host_name_tmp[i] = 0;
+		}
+	}
+
 	// Connection
 	s = TcpConnectEx3(proxy_host_name, proxy_port, timeout, cancel_flag, hWnd, true, NULL, false, false);
 	if (s == NULL)
@ -6224,24 +6712,24 @@ SOCK *ProxyConnectEx2(CONNECTION *c, char *proxy_host_name, UINT proxy_port,
 	}

 	// HTTP header generation
-	if (IsStrIPv6Address(server_host_name))
+	if (IsStrIPv6Address(server_host_name_tmp))
 	{
 		IP ip;
 		char iptmp[MAX_PATH];

-		StrToIP(&ip, server_host_name);
+		StrToIP(&ip, server_host_name_tmp);
 		IPToStr(iptmp, sizeof(iptmp), &ip);

 		Format(tmp, sizeof(tmp), "[%s]:%u", iptmp, server_port);
 	}
 	else
 	{
-		Format(tmp, sizeof(tmp), "%s:%u", server_host_name, server_port);
+		Format(tmp, sizeof(tmp), "%s:%u", server_host_name_tmp, server_port);
 	}

 	h = NewHttpHeader("CONNECT", tmp, "HTTP/1.0");
 	AddHttpValue(h, NewHttpValue("User-Agent", (c->Cedar == NULL ? DEFAULT_USER_AGENT : c->Cedar->HttpUserAgent)));
-	AddHttpValue(h, NewHttpValue("Host", server_host_name));
+	AddHttpValue(h, NewHttpValue("Host", server_host_name_tmp));
 	AddHttpValue(h, NewHttpValue("Content-Length", "0"));
 	AddHttpValue(h, NewHttpValue("Proxy-Connection", "Keep-Alive"));
 	AddHttpValue(h, NewHttpValue("Pragma", "no-cache"));
@ -6249,7 +6737,7 @@ SOCK *ProxyConnectEx2(CONNECTION *c, char *proxy_host_name, UINT proxy_port,
 	if (use_auth)
 	{
 		wchar_t tmp[MAX_SIZE];
-		UniFormat(tmp, sizeof(tmp), _UU("STATUS_3"), server_host_name);
+		UniFormat(tmp, sizeof(tmp), _UU("STATUS_3"), server_host_name_tmp);
 		// Generate the authentication string
 		Format(auth_tmp_str, sizeof(auth_tmp_str), "%s:%s",
 			username, password);
--- a/src/Cedar/Protocol.h
+++ b/src/Cedar/Protocol.h
@ -179,6 +179,12 @@ struct UPDATE_CLIENT
 #define	UPDATE_CONNECT_TIMEOUT			5000
 #define	UPDATE_COMM_TIMEOUT				5000

+// Dynamic root cert fetch function
+#define	CERT_HTTP_DOWNLOAD_MAXSIZE	65536
+#define	CERT_HTTP_DOWNLOAD_TIMEOUT	(10 * 1000)
+#define	ROOT_CERTS_FILENAME			"|root_certs.dat"
+#define	AUTO_DOWNLOAD_CERTS_PREFIX	L".autodownload_"
+#define	FIND_CERT_CHAIN_MAX_DEPTH	16


 // Function prototype
@ -277,6 +283,18 @@ void PackAddClientVersion(PACK *p, CONNECTION *c);
 void NodeInfoToStr(wchar_t *str, UINT size, NODE_INFO *info);
 void GenerateMachineUniqueHash(void *data);

+LIST *NewCertList(bool load_root_and_chain);
+void FreeCertList(LIST *o);
+bool IsXInCertList(LIST *o, X *x);
+void AddXToCertList(LIST *o, X *x);
+void AddAllRootCertsToCertList(LIST *o);
+void AddAllChainCertsToCertList(LIST *o);
+X *DownloadCert(char *url);
+X *FindCertIssuerFromCertList(LIST *o, X *x);
+bool TryGetRootCertChain(LIST *o, X *x, bool auto_save, X **found_root_x);
+bool TryGetParentCertFromCertList(LIST *o, X *x, LIST *found_chain);
+bool DownloadAndSaveIntermediateCertificatesIfNecessary(X *x);
+

 #endif	// PROTOCOL_H

--- a/src/Cedar/SM.c
+++ b/src/Cedar/SM.c
@ -16929,6 +16929,13 @@ void SmSslDlgOnOk(HWND hWnd, SM_SSL *s)
 		{
 			return;
 		}
+
+		if (t.Flag1 == 0)
+		{
+			// Show the warning message
+			MsgBox(hWnd, MB_ICONWARNING, _UU("SM_CERT_NEED_ROOT"));
+		}
+
 		FreeRpcKeyPair(&t);

 		MsgBox(hWnd, MB_ICONINFORMATION, _UU("CM_CERT_SET_MSG"));
@ -18930,6 +18937,8 @@ UINT SmServerDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *pa

 			SmShowIPSecMessageIfNecessary(hWnd, p);

+			SmShowCertRegenerateMessageIfNecessary(hWnd, p);
+
 			SetTimer(hWnd, 3, 150, NULL);
 			break;

@ -18954,6 +18963,73 @@ UINT SmServerDlgProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *pa
 	return 0;
 }

+// Display the message about the cert
+void SmShowCertRegenerateMessageIfNecessary(HWND hWnd, SM_SERVER *p)
+{
+	// Validate arguments
+	if (p == NULL)
+	{
+		return;
+	}
+
+	if (p->ServerAdminMode && p->Bridge == false)
+	{
+		RPC_KEY_PAIR t;
+
+		Zero(&t, sizeof(t));
+
+		if (ScGetServerCert(p->Rpc, &t) == ERR_NO_ERROR)
+		{
+			if (t.Cert != NULL && t.Cert->has_basic_constraints == false)
+			{
+				if (t.Cert->root_cert)
+				{
+					if (MsRegReadInt(REG_CURRENT_USER, SM_HIDE_CERT_UPDATE_MSG_KEY, p->ServerName) == 0)
+					{
+						if (MsgBox(hWnd, MB_ICONQUESTION | MB_YESNO, _UU("SM_CERT_MESSAGE")) == IDYES)
+						{
+							X *x;
+							K *k;
+
+							// Regenerating the certificate
+							if (SmRegenerateServerCert(hWnd, p, NULL, &x, &k, false))
+							{
+								// Confirmation message
+								if (MsgBox(hWnd, MB_ICONEXCLAMATION | MB_YESNO, _UU("SM_REGENERATE_CERT_MSG")) == IDYES)
+								{
+									// Set the new certificate and private key
+									RPC_KEY_PAIR t2;
+
+									Zero(&t2, sizeof(t2));
+
+									t2.Cert = CloneX(x);
+									t2.Key = CloneK(k);
+
+									if (CALL(hWnd, ScSetServerCert(p->Rpc, &t2)))
+									{
+										FreeRpcKeyPair(&t2);
+
+										MsgBox(hWnd, MB_ICONINFORMATION, _UU("CM_CERT_SET_MSG"));
+									}
+								}
+
+								FreeX(x);
+								FreeK(k);
+							}
+						}
+						else
+						{
+							MsRegWriteInt(REG_CURRENT_USER, SM_HIDE_CERT_UPDATE_MSG_KEY, p->ServerName, 1);
+						}
+					}
+				}
+			}
+
+			FreeRpcKeyPair(&t);
+		}
+	}
+}
+
 // Display messages about IPsec, and prompt for the setting
 void SmShowIPSecMessageIfNecessary(HWND hWnd, SM_SERVER *p)
 {
--- a/src/Cedar/SMInner.h
+++ b/src/Cedar/SMInner.h
@ -101,6 +101,7 @@
 #define	SM_CERT_REG_KEY		"Software\\SoftEther Corporation\\PacketiX VPN\\Server Manager\\Cert Tool"
 #define	SM_SETTING_REG_KEY	"Software\\SoftEther Corporation\\PacketiX VPN\\Server Manager\\Settings"
 #define	SM_LASTHUB_REG_KEY	"Software\\SoftEther Corporation\\PacketiX VPN\\Server Manager\\Last HUB Name"
+#define	SM_HIDE_CERT_UPDATE_MSG_KEY	"Software\\SoftEther Corporation\\PacketiX VPN\\Server Manager\\Hide Cert Update Msg"

 #define	NAME_OF_VPN_SERVER_MANAGER	"vpnsmgr"
 #define	NAME_OF_VPN_SERVER_TARGET	"vpnserver@%s"
@ -799,6 +800,7 @@ UINT SmSpecialListenerDlg(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, voi
 void SmSpecialListenerDlgInit(HWND hWnd, SM_SERVER *s);
 void SmSpecialListenerDlgOnOk(HWND hWnd, SM_SERVER *s);
 void SmShowIPSecMessageIfNecessary(HWND hWnd, SM_SERVER *p);
+void SmShowCertRegenerateMessageIfNecessary(HWND hWnd, SM_SERVER *p);
 UINT SmVmBridgeDlg(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param);
 void SmAzure(HWND hWnd, SM_SERVER *s, bool on_setup);
 UINT SmAzureDlg(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, void *param);
--- a/src/Cedar/Server.h
+++ b/src/Cedar/Server.h
@ -414,6 +414,7 @@ struct LOG_FILE
 #define	GSF_SHOW_OSS_MSG				7


+
 // Virtual HUB creation history
 struct SERVER_HUB_CREATE_HISTORY
 {
--- a/src/Cedar/Session.c
+++ b/src/Cedar/Session.c
@ -2142,6 +2142,23 @@ SESSION *NewServerSessionEx(CEDAR *cedar, CONNECTION *c, HUB *h, char *username,
 	return s;
 }

+// Check whether the specified MAC address is IPC address
+bool IsIpcMacAddress(UCHAR *mac)
+{
+	// Validate arguments
+	if (mac == NULL)
+	{
+		return false;
+	}
+
+	if (mac[0] == 0xCA)
+	{
+		return true;
+	}
+
+	return false;
+}
+
 // Display the session key for debugging
 void DebugPrintSessionKey(UCHAR *session_key)
 {
--- a/src/Cedar/Session.h
+++ b/src/Cedar/Session.h
@ -397,6 +397,7 @@ void NewSessionKey(CEDAR *cedar, UCHAR *session_key, UINT *session_key_32);
 SESSION *GetSessionFromKey(CEDAR *cedar, UCHAR *session_key);
 SESSION *GetSessionFromKey32(CEDAR *cedar, UINT key32);
 void DebugPrintSessionKey(UCHAR *session_key);
+bool IsIpcMacAddress(UCHAR *mac);
 void ClientAdditionalConnectChance(SESSION *s);
 void SessionAdditionalConnect(SESSION *s);
 void ClientAdditionalThread(THREAD *t, void *param);
--- a/src/Cedar/Virtual.c
+++ b/src/Cedar/Virtual.c
@ -9436,6 +9436,53 @@ void VirtualDhcpServer(VH *v, PKT *p)
 				if (GetGlobalServerFlag(GSF_DISABLE_PUSH_ROUTE) == 0)
 				{
 					Copy(&ret.ClasslessRoute, &v->PushRoute, sizeof(DHCP_CLASSLESS_ROUTE_TABLE));
+
+					if (IsIpcMacAddress(p->MacAddressSrc))
+					{
+						if (ret.Gateway == 0)
+						{
+							// If the default gateway is not specified, add the static routing table
+							// entry for the local IP subnet
+							// (for PPP clients)
+							IP dhcp_ip;
+							IP dhcp_mask;
+							IP dhcp_network;
+
+							UINTToIP(&dhcp_ip, ip);
+
+							if (ip == 0)
+							{
+								UINTToIP(&dhcp_ip, p->L3.IPv4Header->SrcIP);
+							}
+
+							UINTToIP(&dhcp_mask, v->DhcpMask);
+
+							IPAnd4(&dhcp_network, &dhcp_ip, &dhcp_mask);
+
+							if (GetBestClasslessRoute(&ret.ClasslessRoute, &dhcp_ip) == NULL)
+							{
+								if (ret.ClasslessRoute.NumExistingRoutes < MAX_DHCP_CLASSLESS_ROUTE_ENTRIES)
+								{
+									DHCP_CLASSLESS_ROUTE *cr = &ret.ClasslessRoute.Entries[ret.ClasslessRoute.NumExistingRoutes];
+
+									cr->Exists = true;
+
+									UINTToIP(&cr->Gateway, v->HostIP);
+
+									if (v->UseNat == false && ret.ClasslessRoute.NumExistingRoutes >= 1)
+									{
+										Copy(&cr->Gateway, &ret.ClasslessRoute.Entries[0].Gateway, sizeof(IP));
+									}
+
+									Copy(&cr->Network, &dhcp_network, sizeof(IP));
+									Copy(&cr->SubnetMask, &dhcp_mask, sizeof(IP));
+									cr->SubnetMaskLen = SubnetMaskToInt(&dhcp_mask);
+
+									ret.ClasslessRoute.NumExistingRoutes++;
+								}
+							}
+						}
+					}
 				}

 				if (opt->Opcode != DHCP_INFORM)
--- a/src/Cedar/WinUi.h
+++ b/src/Cedar/WinUi.h
@ -485,6 +485,7 @@ typedef struct BAD_PROCESS
 static BAD_PROCESS bad_processes[] =
 {
 	{"nod32krn.exe", "NOD32 Antivirus",},
+	{"avp.exe", "Kaspersky",},
 };

 static UINT num_bad_processes = sizeof(bad_processes) / sizeof(bad_processes[0]);
--- a/src/CurrentBuild.txt
+++ b/src/CurrentBuild.txt
@ -1,4 +1,4 @@
-BUILD_NUMBER 9437
-VERSION 406
-BUILD_NAME beta
-BUILD_DATE 20140409_093904
+BUILD_NUMBER 9448
+VERSION 407
+BUILD_NAME rtm
+BUILD_DATE 20140606_030739
--- a/src/Mayaqua/Cfg.h
+++ b/src/Mayaqua/Cfg.h
@ -116,7 +116,7 @@
 #define	TAG_END				"end"
 #define	TAG_ROOT			"root"

-#define	TAG_CPYRIGHT		"\xef\xbb\xbf# Software Configuration File\r\n# \r\n# You can edit this file when the program is not working.\r\n# \r\n"
+#define	TAG_CPYRIGHT		"\xef\xbb\xbf# Software Configuration File\r\n# ---------------------------\r\n# \r\n# You may edit this file when the VPN Server / Client / Bridge program is not running.\r\n# \r\n# In prior to edit this file manually by your text editor,\r\n# shutdown the VPN Server / Client / Bridge background service.\r\n# Otherwise, all changes will be lost.\r\n# \r\n"
 #define	TAG_BINARY			"SEVPN_DB"

 // Data type
--- a/src/Mayaqua/Encrypt.c
+++ b/src/Mayaqua/Encrypt.c
@ -126,6 +126,8 @@
 #include <openssl/aes.h>
 #include <openssl/dh.h>
 #include <openssl/pem.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
 #include <Mayaqua/Mayaqua.h>

 #ifdef	USE_INTEL_AESNI_LIBRARY
@ -1149,13 +1151,13 @@ void GetAllNameFromA(char *str, UINT size, X *x)
 // Get the all name strings from NAME
 void GetAllNameFromName(wchar_t *str, UINT size, NAME *name)
 {
+	UniStrCpy(str, size, L"");
 	// Validate arguments
 	if (str == NULL || name == NULL)
 	{
 		return;
 	}

-	UniStrCpy(str, size, L"");
 	if (name->CommonName != NULL)
 	{
 		UniFormat(str, size, L"%sCN=%s, ", str, name->CommonName);
@ -1896,6 +1898,7 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial)
 	UINT64 notBefore, notAfter;
 	ASN1_TIME *t1, *t2;
 	X509_NAME *subject_name, *issuer_name;
+	X509_EXTENSION *ex = NULL;
 	// Validate arguments
 	if (pub == NULL || name == NULL || priv == NULL)
 	{
@ -1981,6 +1984,11 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial)
 		s->length = serial->size;
 	}

+	// Extensions
+	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,	"critical,CA:TRUE");
+	X509_add_ext(x509, ex, -1);
+	X509_EXTENSION_free(ex);
+
 	Lock(openssl_lock);
 	{
 		// Set the public key
@ -2663,6 +2671,10 @@ bool RsaGen(K **priv, K **pub, UINT bit)

 // Confirm whether the certificate X is signed by the issuer of the certificate x_issuer
 bool CheckX(X *x, X *x_issuer)
+{
+	return CheckXEx(x, x_issuer, false, false);
+}
+bool CheckXEx(X *x, X *x_issuer, bool check_name, bool check_date)
 {
 	K *k;
 	bool ret;
@ -2679,6 +2691,26 @@ bool CheckX(X *x, X *x_issuer)
 	}

 	ret = CheckSignature(x, k);
+
+	if (ret)
+	{
+		if (check_name)
+		{
+			if (CompareName(x->issuer_name, x_issuer->subject_name) == false)
+			{
+				ret = false;
+			}
+		}
+
+		if (check_date)
+		{
+			if (CheckXDateNow(x_issuer) == false)
+			{
+				ret = false;
+			}
+		}
+	}
+
 	FreeK(k);

 	return ret;
@ -3680,6 +3712,43 @@ X *X509ToX(X509 *x509)
 		}
 	}

+	// Check whether there is basic constraints
+	if (X509_get_ext_by_NID(x509, NID_basic_constraints, -1) != -1)
+	{
+		x->has_basic_constraints = true;
+	}
+
+	// Get the "Certification Authority Issuer" (1.3.6.1.5.5.7.48.2) field value
+	if (x->root_cert == false)
+	{
+		AUTHORITY_INFO_ACCESS *ads = (AUTHORITY_INFO_ACCESS *)X509_get_ext_d2i(x509, NID_info_access, NULL, NULL);
+
+		if (ads != NULL)
+		{
+			int i;
+
+			for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ads); i++)
+			{
+				ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(ads, i);
+				if (ad != NULL)
+				{
+					if (OBJ_obj2nid(ad->method) == NID_ad_ca_issuers && ad->location->type == GEN_URI)
+					{
+						char *uri = (char *)ASN1_STRING_data(ad->location->d.uniformResourceIdentifier);
+
+						if (IsEmptyStr(uri) == false)
+						{
+							StrCpy(x->issuer_url, sizeof(x->issuer_url), uri);
+							break;
+						}
+					}
+				}
+			}
+
+			AUTHORITY_INFO_ACCESS_free(ads);
+		}
+	}
+
 	// Get the Serial Number
 	x->serial = NewXSerial(x509->cert_info->serialNumber->data,
 		x509->cert_info->serialNumber->length);
--- a/src/Mayaqua/Encrypt.h
+++ b/src/Mayaqua/Encrypt.h
@ -197,6 +197,8 @@ struct X
 	bool do_not_free;
 	bool is_compatible_bit;
 	UINT bits;
+	bool has_basic_constraints;
+	char issuer_url[256];
 };

 // Key
@ -339,6 +341,7 @@ K *GetKFromX(X *x);
 bool CheckSignature(X *x, K *k);
 X *X509ToX(X509 *x509);
 bool CheckX(X *x, X *x_issuer);
+bool CheckXEx(X *x, X *x_issuer, bool check_name, bool check_date);
 bool Asn1TimeToSystem(SYSTEMTIME *s, void *asn1_time);
 bool StrToSystem(SYSTEMTIME *s, char *str);
 UINT64 Asn1TimeToUINT64(void *asn1_time);
--- a/src/Mayaqua/MayaType.h
+++ b/src/Mayaqua/MayaType.h
@ -485,6 +485,7 @@ typedef struct ICMP_RESULT ICMP_RESULT;
 typedef struct SSL_PIPE SSL_PIPE;
 typedef struct SSL_BIO SSL_BIO;
 typedef struct RUDP_STACK RUDP_STACK;
+typedef struct RUDP_SOURCE_IP RUDP_SOURCE_IP;
 typedef struct RUDP_SESSION RUDP_SESSION;
 typedef struct RUDP_SEGMENT RUDP_SEGMENT;
 typedef struct CONNECT_TCP_RUDP_PARAM CONNECT_TCP_RUDP_PARAM;
--- a/src/Mayaqua/Memory.c
+++ b/src/Mayaqua/Memory.c
@ -2005,6 +2005,41 @@ int CompareInt64(void *p1, void *p2)
 	return COMPARE_RET(*v1, *v2);
 }

+// Randomize the contents of the list
+void RandomizeList(LIST *o)
+{
+	LIST *o2;
+	UINT i;
+	// Validate arguments
+	if (o == NULL)
+	{
+		return;
+	}
+
+	o2 = NewListFast(NULL);
+
+	while (LIST_NUM(o) != 0)
+	{
+		UINT num = LIST_NUM(o);
+		UINT i = Rand32() % num;
+		void *p = LIST_DATA(o, i);
+
+		Add(o2, p);
+		Delete(o, p);
+	}
+
+	DeleteAll(o);
+
+	for (i = 0;i < LIST_NUM(o2);i++)
+	{
+		void *p = LIST_DATA(o2, i);
+
+		Add(o, p);
+	}
+
+	ReleaseList(o2);
+}
+
 // Add an integer to the list
 void AddInt(LIST *o, UINT i)
 {
--- a/src/Mayaqua/Memory.h
+++ b/src/Mayaqua/Memory.h
@ -387,6 +387,7 @@ void InsertInt(LIST *o, UINT i);
 void InsertInt64(LIST *o, UINT64 i);
 void InsertIntDistinct(LIST *o, UINT i);
 void InsertInt64Distinct(LIST *o, UINT64 i);
+void RandomizeList(LIST *o);

 void *GetNext(QUEUE *q);
 void *GetNextWithLock(QUEUE *q);
--- a/src/Mayaqua/Network.c
+++ b/src/Mayaqua/Network.c
@ -225,6 +225,7 @@ static UINT rand_port_numbers[256] = {0};


 static bool g_use_privateip_file = false;
+static bool g_source_ip_validation_force_disable = false;

 typedef struct PRIVATE_IP_SUBNET
 {
@ -1537,6 +1538,17 @@ void RUDPProcess_NatT_Recv(RUDP_STACK *r, UDPPACKET *udp)
 					// Save the IP address and port number at the time of registration
 					PackGetStr(p, "your_ip_and_port", r->NatT_Registered_IPAndPort, sizeof(r->NatT_Registered_IPAndPort));

+					if (g_source_ip_validation_force_disable == false)
+					{
+						// Enable the source IP address validation mechanism
+						r->NatT_EnableSourceIpValidation = PackGetBool(p, "enable_source_ip_validation");
+					}
+					else
+					{
+						// Force disable the source IP address validation mechanism
+						r->NatT_EnableSourceIpValidation = false;
+					}
+
 					// Global port of itself
 					my_global_port = PackGetInt(p, "your_port");

@ -1569,6 +1581,11 @@ void RUDPProcess_NatT_Recv(RUDP_STACK *r, UDPPACKET *udp)
 						UCHAR *rand_data;
 						UINT rand_size;

+						if (r->NatT_EnableSourceIpValidation)
+						{
+							RUDPAddIpToValidateList(r, &client_ip);
+						}
+
 						rand_size = Rand32() % 19;
 						rand_data = Malloc(rand_size);

@ -1588,6 +1605,12 @@ void RUDPProcess_NatT_Recv(RUDP_STACK *r, UDPPACKET *udp)
 	FreeBuf(b);
 }

+// Set the flag of the source IP address validation function
+void RUDPSetSourceIpValidationForceDisable(bool b)
+{
+	g_source_ip_validation_force_disable = b;
+}
+
 // Process such as packet transmission for NAT-T server
 void RUDPDo_NatT_Interrupt(RUDP_STACK *r)
 {
@ -1826,6 +1849,11 @@ void RUDPRecvProc(RUDP_STACK *r, UDPPACKET *p)
 					// Entire number of sessions exceeds the limit
 					ok = false;
 				}
+				else if (r->NatT_EnableSourceIpValidation && RUDPIsIpInValidateList(r, &p->SrcIP) == false)
+				{
+					// Invalid source IP address, which is not registered on the validated source IP address list
+					ok = false;
+				}
 				else
 				{
 					UINT i;
@ -1942,6 +1970,138 @@ void RUDPRecvProc(RUDP_STACK *r, UDPPACKET *p)
 	}
 }

+// Check whether the specificed IP address is in the validated source IP address list
+bool RUDPIsIpInValidateList(RUDP_STACK *r, IP *ip)
+{
+	UINT i;
+	UINT64 now = Tick64();
+	LIST *o = NULL;
+	bool ret = false;
+	// Validate arguments
+	if (r == NULL || ip == NULL)
+	{
+		return false;
+	}
+
+	for (i = 0;i < LIST_NUM(r->NatT_SourceIpList);i++)
+	{
+		RUDP_SOURCE_IP *s = (RUDP_SOURCE_IP *)LIST_DATA(r->NatT_SourceIpList, i);
+
+		if (s->ExpiresTick <= now)
+		{
+			if (o == NULL)
+			{
+				o = NewListFast(NULL);
+			}
+
+			Add(o, s);
+		}
+	}
+
+	if (o != NULL)
+	{
+		for (i = 0;i < LIST_NUM(o);i++)
+		{
+			RUDP_SOURCE_IP *s = (RUDP_SOURCE_IP *)LIST_DATA(o, i);
+
+			Delete(r->NatT_SourceIpList, s);
+
+			Free(s);
+		}
+
+		ReleaseList(o);
+	}
+
+	for (i = 0;i < LIST_NUM(r->NatT_SourceIpList);i++)
+	{
+		RUDP_SOURCE_IP *s = (RUDP_SOURCE_IP *)LIST_DATA(r->NatT_SourceIpList, i);
+
+		if (CmpIpAddr(&s->ClientIP, ip) == 0)
+		{
+			ret = true;
+			break;
+		}
+	}
+
+	Debug("RUDP: NAT-T: Validate IP: %r, ret=%u (current list len = %u)\n", ip, ret, LIST_NUM(r->NatT_SourceIpList));
+
+	return ret;
+}
+
+// Add an IP address to the validated source IP address list
+void RUDPAddIpToValidateList(RUDP_STACK *r, IP *ip)
+{
+	UINT i;
+	RUDP_SOURCE_IP *sip;
+	UINT64 now = Tick64();
+	LIST *o = NULL;
+	// Validate arguments
+	if (r == NULL || ip == NULL)
+	{
+		return;
+	}
+
+	if (LIST_NUM(r->NatT_SourceIpList) >= RUDP_MAX_VALIDATED_SOURCE_IP_ADDRESSES)
+	{
+		return;
+	}
+
+	for (i = 0;i < LIST_NUM(r->NatT_SourceIpList);i++)
+	{
+		RUDP_SOURCE_IP *s = (RUDP_SOURCE_IP *)LIST_DATA(r->NatT_SourceIpList, i);
+
+		if (s->ExpiresTick <= now)
+		{
+			if (o == NULL)
+			{
+				o = NewListFast(NULL);
+			}
+
+			Add(o, s);
+		}
+	}
+
+	if (o != NULL)
+	{
+		for (i = 0;i < LIST_NUM(o);i++)
+		{
+			RUDP_SOURCE_IP *s = (RUDP_SOURCE_IP *)LIST_DATA(o, i);
+
+			Delete(r->NatT_SourceIpList, s);
+
+			Free(s);
+		}
+
+		ReleaseList(o);
+	}
+
+	sip = NULL;
+
+	for (i = 0;i < LIST_NUM(r->NatT_SourceIpList);i++)
+	{
+		RUDP_SOURCE_IP *s = (RUDP_SOURCE_IP *)LIST_DATA(r->NatT_SourceIpList, i);
+
+		if (CmpIpAddr(&s->ClientIP, ip) == 0)
+		{
+			sip = s;
+			break;
+		}
+	}
+
+	if (sip == NULL)
+	{
+		sip = ZeroMalloc(sizeof(RUDP_SOURCE_IP));
+
+		Copy(&sip->ClientIP, ip, sizeof(IP));
+
+		Add(r->NatT_SourceIpList, sip);
+	}
+
+	sip->ExpiresTick = now + (UINT64)RUDP_VALIDATED_SOURCE_IP_ADDRESS_EXPIRES;
+
+	Debug("RUDP: NAT-T: Src IP added: %r (current list len = %u)\n", ip, LIST_NUM(r->NatT_SourceIpList));
+}
+
 // R-UDP interrupt processing procedure
 void RUDPInterruptProc(RUDP_STACK *r)
 {
@ -4759,6 +4919,7 @@ SOCK *NewRUDPClientNatT(char *svc_name, IP *ip, UINT *error_code, UINT timeout,
 		UINT result_port;
 		SOCK *ret = NULL;
 		UINT num_tries = 0;
+		UINT64 current_cookie = 0;

 		AddInterrupt(interrupt, giveup_tick);

@ -4832,6 +4993,12 @@ LABEL_TIMEOUT:

 						if (p != NULL)
 						{
+							UINT64 cookie = PackGetInt64(p, "cookie");
+							if (cookie != 0)
+							{
+								current_cookie = cookie;
+							}
+
 							// Compare tran_id
 							if (PackGetInt64(p, "tran_id") == tran_id)
 							{
@ -4901,6 +5068,7 @@ LABEL_TIMEOUT:
 				PackAddInt64(p, "tran_id", tran_id);
 				IPToStr(ip_str, sizeof(ip_str), ip);
 				PackAddStr(p, "dest_ip", ip_str);
+				PackAddInt64(p, "cookie", current_cookie);
 				if (IsEmptyStr(hint_str) == false)
 				{
 					PackAddStr(p, "hint", hint_str);
@ -5194,6 +5362,8 @@ RUDP_STACK *NewRUDP(bool server_mode, char *svc_name, RUDP_STACK_INTERRUPTS_PROC
 	r->NewSockQueue = NewQueue();
 	r->NatT_TranId = Rand64();

+	r->NatT_SourceIpList = NewListFast(NULL);
+
 	StrCpy(tmp, sizeof(tmp), r->SvcName);
 	Trim(tmp);
 	StrLower(tmp);
@ -5359,6 +5529,15 @@ void FreeRUDP(RUDP_STACK *r)
 		ReleaseSock(s);
 	}

+	for (i = 0;i < LIST_NUM(r->NatT_SourceIpList);i++)
+	{
+		RUDP_SOURCE_IP *sip = (RUDP_SOURCE_IP *)LIST_DATA(r->NatT_SourceIpList, i);
+
+		Free(sip);
+	}
+
+	ReleaseList(r->NatT_SourceIpList);
+
 	ReleaseQueue(r->NewSockQueue);

 	ReleaseList(r->SendPacketList);
@ -5559,7 +5738,7 @@ SSL_PIPE *NewSslPipe(bool server_mode, X *x, K *k, DH_CTX *dh)
 {
 	SSL_PIPE *s;
 	SSL *ssl;
-	SSL_CTX *ssl_ctx = NewSSLCtx();
+	SSL_CTX *ssl_ctx = NewSSLCtx(server_mode);

 	Lock(openssl_lock);
 	{
@ -11473,7 +11652,7 @@ UINT RecvFrom(SOCK *sock, IP *src_addr, UINT *src_port, void *data, UINT size)

 #ifdef	OS_WIN32
 		if (WSAGetLastError() == WSAECONNRESET || WSAGetLastError() == WSAENETRESET || WSAGetLastError() == WSAEMSGSIZE || WSAGetLastError() == WSAENETUNREACH ||
-			WSAGetLastError() == WSAENOBUFS || WSAGetLastError() == WSAEHOSTUNREACH || WSAGetLastError() == WSAEUSERS)
+			WSAGetLastError() == WSAENOBUFS || WSAGetLastError() == WSAEHOSTUNREACH || WSAGetLastError() == WSAEUSERS || WSAGetLastError() == WSAEADDRNOTAVAIL || WSAGetLastError() == WSAEADDRNOTAVAIL)
 		{
 			sock->IgnoreRecvErr = true;
 		}
@ -11553,7 +11732,7 @@ UINT RecvFrom6(SOCK *sock, IP *src_addr, UINT *src_port, void *data, UINT size)

 #ifdef	OS_WIN32
 		if (WSAGetLastError() == WSAECONNRESET || WSAGetLastError() == WSAENETRESET || WSAGetLastError() == WSAEMSGSIZE || WSAGetLastError() == WSAENETUNREACH ||
-			WSAGetLastError() == WSAENOBUFS || WSAGetLastError() == WSAEHOSTUNREACH || WSAGetLastError() == WSAEUSERS)
+			WSAGetLastError() == WSAENOBUFS || WSAGetLastError() == WSAEHOSTUNREACH || WSAGetLastError() == WSAEUSERS || WSAGetLastError() == WSAEADDRNOTAVAIL || WSAGetLastError() == WSAEADDRNOTAVAIL)
 		{
 			sock->IgnoreRecvErr = true;
 		}
@ -11665,7 +11844,7 @@ UINT SendToEx(SOCK *sock, IP *dest_addr, UINT dest_port, void *data, UINT size,

 #ifdef	OS_WIN32
 		if (WSAGetLastError() == WSAECONNRESET || WSAGetLastError() == WSAENETRESET || WSAGetLastError() == WSAEMSGSIZE || WSAGetLastError() == WSAENETUNREACH ||
-			WSAGetLastError() == WSAENOBUFS || WSAGetLastError() == WSAEHOSTUNREACH || WSAGetLastError() == WSAEUSERS || WSAGetLastError() == WSAEINVAL)
+			WSAGetLastError() == WSAENOBUFS || WSAGetLastError() == WSAEHOSTUNREACH || WSAGetLastError() == WSAEUSERS || WSAGetLastError() == WSAEINVAL || WSAGetLastError() == WSAEADDRNOTAVAIL)
 		{
 			sock->IgnoreSendErr = true;
 		}
@ -11768,7 +11947,7 @@ UINT SendTo6Ex(SOCK *sock, IP *dest_addr, UINT dest_port, void *data, UINT size,

 #ifdef	OS_WIN32
 		if (WSAGetLastError() == WSAECONNRESET || WSAGetLastError() == WSAENETRESET || WSAGetLastError() == WSAEMSGSIZE || WSAGetLastError() == WSAENETUNREACH ||
-			WSAGetLastError() == WSAENOBUFS || WSAGetLastError() == WSAEHOSTUNREACH || WSAGetLastError() == WSAEUSERS || WSAGetLastError() == WSAEINVAL)
+			WSAGetLastError() == WSAENOBUFS || WSAGetLastError() == WSAEHOSTUNREACH || WSAGetLastError() == WSAEUSERS || WSAGetLastError() == WSAEINVAL || WSAGetLastError() == WSAEADDRNOTAVAIL)
 		{
 			sock->IgnoreSendErr = true;
 		}
@ -12354,6 +12533,7 @@ bool SendAll(SOCK *sock, void *data, UINT size, bool secure)
 // Set the cipher algorithm name to want to use
 void SetWantToUseCipher(SOCK *sock, char *name)
 {
+	char tmp[254];
 	// Validate arguments
 	if (sock == NULL || name == NULL)
 	{
@ -12364,7 +12544,13 @@ void SetWantToUseCipher(SOCK *sock, char *name)
 	{
 		Free(sock->WaitToUseCipher);
 	}
-	sock->WaitToUseCipher = CopyStr(name);
+
+	Zero(tmp, sizeof(tmp));
+	StrCpy(tmp, sizeof(tmp), name);
+	StrCat(tmp, sizeof(tmp), " ");
+	StrCat(tmp, sizeof(tmp), cipher_list);
+
+	sock->WaitToUseCipher = CopyStr(tmp);
 }

 // Add all the chain certificates in the chain_certs directory
@ -12372,7 +12558,10 @@ void AddChainSslCertOnDirectory(struct ssl_ctx_st *ctx)
 {
 	wchar_t dirname[MAX_SIZE];
 	wchar_t exedir[MAX_SIZE];
+	wchar_t txtname[MAX_SIZE];
 	DIRLIST *dir;
+	LIST *o;
+	UINT i;

 	// Validate arguments
 	if (ctx == NULL)
@ -12380,18 +12569,25 @@ void AddChainSslCertOnDirectory(struct ssl_ctx_st *ctx)
 		return;
 	}

+	o = NewListFast(NULL);
+
 	GetExeDirW(exedir, sizeof(exedir));

 	CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs");

 	MakeDirExW(dirname);

+	CombinePathW(txtname, sizeof(txtname), dirname, L"Readme_Chain_Certs.txt");
+
+	if (IsFileExistsW(txtname) == false)
+	{
+		FileCopyW(L"|chain_certs.txt", txtname);
+	}
+
 	dir = EnumDirW(dirname);

 	if (dir != NULL)
 	{
-		UINT i;
-
 		for (i = 0;i < dir->NumFiles;i++)
 		{
 			DIRENT *e = dir->File[i];
@ -12406,9 +12602,30 @@ void AddChainSslCertOnDirectory(struct ssl_ctx_st *ctx)
 				x = FileToXW(tmp);

 				if (x != NULL)
+				{
+					UINT j;
+					bool exists = false;
+					UCHAR hash[SHA1_SIZE];
+
+					GetXDigest(x, hash, true);
+
+					for (j = 0;j < LIST_NUM(o);j++)
+					{
+						UCHAR *hash2 = LIST_DATA(o, j);
+
+						if (Cmp(hash, hash2, SHA1_SIZE) == 0)
+						{
+							exists = true;
+						}
+					}
+
+					if (exists == false)
 					{
 						AddChainSslCert(ctx, x);

+						Add(o, Clone(hash, SHA1_SIZE));
+					}
+
 					FreeX(x);
 				}
 			}
@ -12416,6 +12633,15 @@ void AddChainSslCertOnDirectory(struct ssl_ctx_st *ctx)

 		FreeDir(dir);
 	}
+
+	for (i = 0;i < LIST_NUM(o);i++)
+	{
+		UCHAR *hash = LIST_DATA(o, i);
+
+		Free(hash);
+	}
+
+	ReleaseList(o);
 }

 // Add the chain certificate
@ -12503,7 +12729,7 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
 		return true;
 	}

-	ssl_ctx = NewSSLCtx();
+	ssl_ctx = NewSSLCtx(sock->ServerMode);

 	Lock(openssl_lock);
 	{
@ -16964,7 +17190,7 @@ void UnlockDnsCache()
 }

 // Create the SSL_CTX
-struct ssl_ctx_st *NewSSLCtx()
+struct ssl_ctx_st *NewSSLCtx(bool server_mode)
 {
 	struct ssl_ctx_st *ctx = SSL_CTX_new(SSLv23_method());

@ -16972,6 +17198,13 @@ struct ssl_ctx_st *NewSSLCtx()
 	SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
 #endif	// SSL_OP_NO_TICKET

+#ifdef	SSL_OP_CIPHER_SERVER_PREFERENCE
+	if (server_mode)
+	{
+		SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+	}
+#endif	// SSL_OP_CIPHER_SERVER_PREFERENCE
+
 	return ctx;
 }

--- a/src/Mayaqua/Network.h
+++ b/src/Mayaqua/Network.h
@ -780,6 +780,16 @@ typedef bool (RUDP_STACK_RPC_RECV_PROC)(RUDP_STACK *r, UDPPACKET *p);
 // Minimum time to wait for a trial to connect by ICMP and DNS in case failing to connect by TCP
 #define	SOCK_CONNECT_WAIT_FOR_ICMP_AND_DNS_AT_LEAST		5000

+#define	RUDP_MAX_VALIDATED_SOURCE_IP_ADDRESSES		512
+#define	RUDP_VALIDATED_SOURCE_IP_ADDRESS_EXPIRES	(RUDP_TIMEOUT * 2)
+
+// Validated Source IP Addresses for R-UDP
+struct RUDP_SOURCE_IP
+{
+	UINT64 ExpiresTick;					// Expires
+	IP ClientIP;						// Client IP address
+};
+
 // R-UDP stack
 struct RUDP_STACK
 {
@ -832,6 +842,8 @@ struct RUDP_STACK
 	UINT LastDDnsFqdnHash;				// DNS FQDN hash value when last checked
 	volatile UINT *NatTGlobalUdpPort;	// NAT-T global UDP port
 	UCHAR RandPortId;					// Random UDP port ID
+	bool NatT_EnableSourceIpValidation;	// Enable the source IP address validation mechanism
+	LIST *NatT_SourceIpList;			// Authenticated source IP adddress list

 	// For Client
 	bool TargetIpAndPortInited;			// The target IP address and the port number are initialized
@ -926,7 +938,7 @@ struct HTTP_HEADER
 };

 // HTTPS server / client related string constant
-#define	DEFAULT_USER_AGENT	"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
+#define	DEFAULT_USER_AGENT	"Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0"
 #define	DEFAULT_ACCEPT		"image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/msword, application/vnd.ms-powerpoint, application/vnd.ms-excel, */*"
 #define	DEFAULT_ENCODING	"gzip, deflate"
 #define	HTTP_CONTENT_TYPE	"text/html; charset=iso-8859-1"
@ -1061,6 +1073,9 @@ bool RUDPProcessBulkRecvPacket(RUDP_STACK *r, RUDP_SESSION *se, void *recv_data,
 UINT RUDPCalcBestMssForBulk(RUDP_STACK *r, RUDP_SESSION *se);
 bool IsIPLocalHostOrMySelf(IP *ip);
 UINT RUDPGetRandPortNumber(UCHAR rand_port_id);
+void RUDPSetSourceIpValidationForceDisable(bool b);
+bool RUDPIsIpInValidateList(RUDP_STACK *r, IP *ip);
+void RUDPAddIpToValidateList(RUDP_STACK *r, IP *ip);

 bool GetBestLocalIpForTarget(IP *local_ip, IP *target_ip);
 SOCK *NewUDP4ForSpecificIp(IP *target_ip, UINT port);
@ -1558,7 +1573,7 @@ bool IsMacAddressLocalInner(LIST *o, void *addr);
 bool IsMacAddressLocalFast(void *addr);
 void RefreshLocalMacAddressList();

-struct ssl_ctx_st *NewSSLCtx();
+struct ssl_ctx_st *NewSSLCtx(bool server_mode);
 void FreeSSLCtx(struct ssl_ctx_st *ctx);

 void SetCurrentDDnsFqdn(char *name);
--- a/src/Mayaqua/Table.c
+++ b/src/Mayaqua/Table.c
@ -1409,11 +1409,11 @@ bool LoadTableMain(wchar_t *filename)

 		SaveUnicodeCache(filename, b->Size, hash);

-		Debug("Unicode Source: strtable.stb\n");
+		//Debug("Unicode Source: strtable.stb\n");
 	}
 	else
 	{
-		Debug("Unicode Source: unicode_cache\n");
+		//Debug("Unicode Source: unicode_cache\n");
 	}

 	FreeBuf(b);
@ -1434,7 +1434,7 @@ bool LoadTableMain(wchar_t *filename)
 		return false;
 	}

-	Debug("Unicode File Read Cost: %u (%u Lines)\n", (UINT)(t2 - t1), LIST_NUM(TableList));
+	//Debug("Unicode File Read Cost: %u (%u Lines)\n", (UINT)(t2 - t1), LIST_NUM(TableList));

 	return true;
 }
--- a/src/Mayaqua/TcpIp.c
+++ b/src/Mayaqua/TcpIp.c
@ -1813,12 +1813,13 @@ PKT *ParsePacketEx4(UCHAR *buf, UINT size, bool no_l3, UINT vlan_type_id, bool b
 	if (no_http == false)
 	{
 		USHORT port_raw = Endian16(80);
+		USHORT port_raw2 = Endian16(8080);

 		// Analyze if the packet is a part of HTTP
 		if ((p->TypeL3 == L3_IPV4 || p->TypeL3 == L3_IPV6) && p->TypeL4 == L4_TCP)
 		{
 			TCP_HEADER *tcp = p->L4.TCPHeader;
-			if (tcp->DstPort == port_raw)
+			if (tcp->DstPort == port_raw || tcp->DstPort == port_raw2)
 			{
 				if (tcp != NULL && (!((tcp->Flag & TCP_SYN) || (tcp->Flag & TCP_RST) || (tcp->Flag & TCP_FIN))))
 				{
--- a/src/Wfp/Wfp.c
+++ b/src/Wfp/Wfp.c
@ -521,7 +521,7 @@ void NTAPI CalloutClassify(const FWPS_INCOMING_VALUES0* inFixedValues,
 		{
 			NET_BUFFER *nb = NET_BUFFER_LIST_FIRST_NB(nbl);

-			if (nb != NULL && NET_BUFFER_NEXT_NB(nb) == NULL)
+			if (nb != NULL && NET_BUFFER_NEXT_NB(nb) == NULL && (NET_BUFFER_DATA_OFFSET(nb) >= inMetaValues->ipHeaderSize))
 			{
 				if (OK(NdisRetreatNetBufferDataStart(nb, inMetaValues->ipHeaderSize, 0, NULL)))
 				{
--- a/src/bin/hamcore/SeLow_x64.sys
+++ b/src/bin/hamcore/SeLow_x64.sys
--- a/src/bin/hamcore/SeLow_x86.sys
+++ b/src/bin/hamcore/SeLow_x86.sys
--- a/src/bin/hamcore/inf/selow_x64/SeLow_x64.inf
+++ b/src/bin/hamcore/inf/selow_x64/SeLow_x64.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= NetTrans
 ClassGUID					= {4D36E975-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_selow.cat

@ -66,5 +66,5 @@ SeLow_Description			= "A lightweight helper kernel-mode module for PacketiX VPN



-; Auto Generated 20140409_021333.421
+; Auto Generated 20140419_144301.339

--- a/src/bin/hamcore/inf/selow_x64/inf.cat
+++ b/src/bin/hamcore/inf/selow_x64/inf.cat
--- a/src/bin/hamcore/inf/selow_x86/SeLow_x86.inf
+++ b/src/bin/hamcore/inf/selow_x86/SeLow_x86.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= NetTrans
 ClassGUID					= {4D36E975-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_selow.cat

@ -66,5 +66,5 @@ SeLow_Description			= "A lightweight helper kernel-mode module for PacketiX VPN



-; Auto Generated 20140409_021215.535
+; Auto Generated 20140419_144133.148

--- a/src/bin/hamcore/inf/selow_x86/inf.cat
+++ b/src/bin/hamcore/inf/selow_x86/inf.cat
--- a/src/bin/hamcore/inf/x64/INF_VPN.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN10.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN10.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN10.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN100.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN100.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN100.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN101.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN101.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN101.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN102.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN102.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN102.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN103.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN103.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN103.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN104.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN104.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN104.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN105.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN105.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN105.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN106.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN106.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN106.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN107.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN107.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN107.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN108.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN108.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN108.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN109.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN109.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN109.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN11.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN11.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN11.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN110.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN110.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN110.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN111.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN111.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN111.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN112.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN112.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN112.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN113.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN113.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN113.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN114.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN114.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN114.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN115.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN115.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN115.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN116.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN116.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN116.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN117.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN117.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN117.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN118.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN118.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN118.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN119.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN119.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN119.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN12.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN12.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN12.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN120.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN120.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN120.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN121.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN121.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN121.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN122.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN122.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN122.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN123.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN123.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN123.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN124.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN124.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN124.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN125.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN125.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN125.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN126.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN126.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN126.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN127.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN127.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN127.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN13.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN13.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN13.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN14.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN14.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN14.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN15.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN15.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN15.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN16.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN16.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN16.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN17.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN17.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN17.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN18.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN18.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN18.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN19.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN19.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN19.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN2.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN2.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN2.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN20.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN20.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN20.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN21.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN21.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN21.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN22.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN22.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN22.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN23.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN23.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN23.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN24.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN24.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN24.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN25.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN25.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN25.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN26.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN26.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN26.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN27.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN27.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN27.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN28.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN28.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN28.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN29.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN29.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN29.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN3.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN3.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN3.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN30.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN30.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN30.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN31.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN31.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN31.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN32.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN32.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN32.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN33.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN33.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN33.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN34.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN34.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN34.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN35.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN35.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN35.cat

--- a/src/bin/hamcore/inf/x64/INF_VPN36.inf
+++ b/src/bin/hamcore/inf/x64/INF_VPN36.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= Net
 ClassGUID					= {4D36E972-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 04/09/2014, 4.6.0.9436
+DriverVer					= 04/19/2014, 4.6.0.9438

 CatalogFile.NT				= inf_VPN36.cat

--- a/Show More
+++ b/Show More